ProTech Professional Technical Services, Inc.

EC-Council Certified Network Defense Architect (CNDA)

Course Summary

Description

This class immerses the student in an interactive environment where they are shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students begin by understanding how perimeter defenses work and are then led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students also learn about intrusion detection, policy creation, social engineering, DDoS attacks, buffer overflows and virus creation. When students leave this intensive class they will have hands-on understanding of and experience in ethical hacking.

This course prepares you for the Certified Network Defense Architect exam 312-99.

Topics

• Ethics and Legality
• Web Based Password Cracking
• Footprinting Techniques
• Scanning
• SQL Injection
• Enumeration
• Hacking Wireless Networks
• System Hacking
• Viruses and Worms
• Trojans and Backdoors
• Physical Security
• Sniffers
• Linux Hacking
• Denial of Service
• Evading Firewalls, IDS and Honeypots
• Social Engineering
• Buffer Overflows
• Session Hijacking
• Cryptography
• Hacking Web Servers
• Penetration Testing
• Web Application Vulnerabilities

Audience

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. This course was specially designed for Government Agencies.

Prerequisite

There are no prerequisites for this course.

Duration

Five Days

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.


Course Outline

I. Ethics and Legality
   A. Why Security?
   B. The Security, Functionality and Ease of Use Triangle
   C. Can Hacking be Ethical?
   D. Essential Terminology
   E. Elements of Security
   F. What does a Malicious Hacker do?
   G. Difference between Penetration Testing and Ethical Hacking
   H. Hacker Classes
   I. What do Ethical Hackers do?
   J. Skill Profile of an Ethical Hacker
   K. Modes of Ethical Hacking
   L. Security Testing
   M. Deliverables
   N. Computer Crimes and Implications
   O. Legal Perspective (US Federal Laws)

II. Footprinting
   A. Defining Footprinting
   B. Information Gathering Methodology
   C. Locate the Network Range
   D. Hacking Tools:
      1. Whois
      2. Nslookup
      3. ARIN
      4. Traceroute
      5. NeoTrace
      6. VisualRoute Trace
      7. SmartWhois
      8. Visual Lookout
      9. VisualRoute Mail Tracker
      10. eMailTrackerPro

III. Scanning
   A. Definition of Scanning
   B. Types of Scanning
   C. Objectives of Scanning
   D. Scanning Methodology
   E. Classification of Scanning
   F. Hacking Tools
      1. Nmap
      2. XMAS Scan
      3. FIN Scan
      4. Null Scan
      5. Windows Scan
      6. Idle Scan
      7. Nessus
      8. Retina
      9. Saint
      10. HPing2
      11. Firewalk
      12. NIKTO
      13. GFI LANguard
      14. ISS Security Scanner
      15. Netcraft
      16. IPsec Scan
      17. NetScan Tools Pro 2003
      18. SuperScan
      19. Floppyscan
   G. War Dialer
   H. Hacking Tools
      1. THC Scan
      2. Friendly Pinger
      3. Cheops
      4. Security Administrator's Tool for Analyzing Networks (SATAN)
      5. SAFEsuite Internet Scanner
      6. IdentTCPScan
      7. PortScan Plus
      8. Strobe
      9. Blaster Scan
   I. OS Fingerprinting
   J. Active Stack Fingerprinting
   K. Tool for Active Stack Fingerprinting
      1. XPROBE2
   L. Passive Fingerprinting
   M. Proxy Servers
   N. Hacking Tools
      1. SocksChain
      2. Anonymizers
      3. HTTP Tunnel
      4. HTTPort
   O. Countermeasures

IV. Enumeration
   A. What is Enumeration?
   B. NetBIOS Null Sessions
   C. Hacking Tools
      1. DumpSec
      2. Winfo
      3. NetBIOS Auditing Tool (NAT)
   D. Null Session Countermeasures
   E. NetBIOS Enumeration
   F. Hacking Tool: NBTScan
   G. Simple Network Management Protocol (SNMP) Enumeration
   H. Hacking Tools
      1. SolarWinds
      2. Enum
      3. SNScan
   I. SNMP Enumeration Countermeasures
   J. Management Information Base (MIB)
   K. Windows 2000 DNS Zone Transfer
   L. Blocking Win 2k DNS Zone Transfer
   M. Enumerating User Accounts
   N. Hacking Tools


      1. User2sid and Sid2user
      2. UserInfo
      3. GetAcct
      4. DumpReg
      5. Trout
      6. Winfingerprint
      7. PsTools (PsFile, PsLoggedOn, PsGetSid, PsInfo, PsService, PsList, PsKill, PsSuspend, PsLogList, PsExec, PsShutdown)
   O. Active Directory Enumeration and Countermeasures

V. System Hacking
   A. Administrator Password Guessing
   B. Manual Password Cracking Algorithm
   C. Automated Password Cracking
   D. Password Types
   E. Types of Password Attacks
   F. Hacking Tool
      1. NTInfoScan (CIS)
   G. Performing Automated Password Guessing
   H. Hacking Tool
   I. Legion
   J. Password Sniffing
   K. Hacking Tools
      1. L0phtCrack
      2. pwdump2 and pwdump3
      3. KerbCrack
      4. NBTdeputy
   L. NetBIOS DoS Attack
   M. Hacking Tools
      1. NBName
      2. John the Ripper
   N. LAN Manager Hash
   O. Password Cracking Countermeasures
   P. Syskey Utility
   Q. Cracking NT/2000 Passwords
   R. Hacking Tool
      1. NTFSDOS
   S. SMB Logon
   T. Hacking Tool: SMBRelay
   U. SMBRelay Man-in-the-Middle Scenario
   V. Hacking Tool: SMBRelay2
   W. SMBRelay Weaknesses and Countermeasures
   X. Hacking Tools
      1. SMBGrind
      2. SMBDie
   Y. Privilege Escalation
   Z. Hacking Tools
      1. GetAdmin
      2. hk.exe
   AA. Keystroke Loggers
   BB. Hacking Tools
      1. IKS Software Keylogger
      2. Ghost Keylogger
      3. Hardware Key Logger
      4. Spyware Spector
      5. eBlaster
   CC. Hiding Files
   DD. Creating Alternate Data Streams
   EE. ADS Creation and Detection
   FF. Hacking Tools
      1. Makestream
      2. ads_cat
      3. Streams
      4. LADS (List Alternate Data Streams)
   GG. NTFS Streams Countermeasures
   HH. Stealing Files Using Word Documents
   II. Field Code Countermeasures
   JJ. Steganography
   KK. Spyware Tool: Desktop Spy
   LL. Hacking Tools
      1. Steganography tools
         A. DiSi-Steganograph
         B. EZStego
         C. Gif-It-Up v1.0
            Gifshuffle
         D. Hide and Seek
            JPEG-JSTEG
            MandelSteg and GIFExtract
            Mp3Stego
         E. Nicetext
         F. Pretty Good Envelope
         G. OutGuess
         H. SecurEngine
         I. Stealth
         J. Steganos
         K. Steghide
         L. Stegodos
         M. Stegonosaurus
         N. StegonoWav
         O. wbStego
      2. Image Hide
      3. MP3Stego
      4. StegonoWav
         Snow.exe
         Camera/Shy
   MM. Steganography Detection
   NN. Hacking Tool
      1. diskprobe.exe
   OO. Covering Tracks
   PP. Disabling Auditing and Clearing Event Logs
   QQ. Hacking Tool
      1. Dump Event Log


      2. elsave.exe
      3. WinZapper
      4. Evidence Eliminator
   RR. RootKit
   SS. Planting the NT/2000 RootKit
   TT. Hacking Tools
      1. Fu
      2. Vanquish
   UU. Rootkit Countermeasures
   VV. Hacking Tool
      1. Patchfinder 2.0

VI. Trojans and Backdoors
   A. Effect on Business
   B. What is a Trojan?
   C. Overt and Covert Channels
   D. Working of Trojans
   E. Different Types of Trojans
   F. What Trojan Creators Look For
   G. Different Ways a Trojan Can Get into a System
   H. Indications of a Trojan Attack
   I. Some Famous Trojans and the Ports They Use
   J. How to Determine Which Ports are "Listening"
   K. Different Trojans Found in the Wild
      1. Beast 2.06
      2. Phatbot
      3. Senna Spy
      4. CyberSpy
      5. Remote Encrypted Callback UNIX Backdoor (RECUB)
      6. Amitis
      7. QAZ
      8.
      9.
      10. Tini
      11. NetBus
      12. SubSeven
      13. Netcat
      14. Subroot
      15. Let Me Rule 2.0 Beta 9
      16. Donald Dick
      17. Graffiti.exe
      18. EliteWrap
      19. IconPlus
      20. Restorator
      21. Whack-a-mole
      22. Firekiller 2000
   L. BoSniffer
   M. Wrappers
   N. Packaging Tool: WordPad
   O. Hard Disk Killer (HDKP 4.0)
   P. ICMP Tunneling
   Q. Hacking Tool: Loki
   R. Loki Countermeasures
   S. Reverse WWW Shell: Covert Channels using HTTP
   T. Hacking Tools
      1. fPort
      2. TCPView
   U. Tripwire
   V. Process Viewer
   W. Inzider: Tracks Processes and Ports
   X. System File Verification
   Y. Trojan Horse Construction Kit
   Z. Anti-Trojan
   AA. Evading Anti-Trojan/Anti-Virus using Stealth Tools v2.0
   BB. Reverse Engineering Trojans
   CC. Backdoor Countermeasures

VII. Sniffers
   A. Definition of Sniffing
   B. How a Sniffer Works
   C. Passive Sniffing
   D. Active Sniffing
   E. Hacking Tool: EtherFlood
   F. Man-in-the-Middle Attacks
   G. Spoofing and Sniffing Attacks
   H. ARP Poisoning and Countermeasures
   Hacking Tools:
      2. Ethereal
      3. Dsniff
      4. Sniffit
      5. Aldebaran
      6. Hunt
      7. NGSSniff
      8. Ntop
         pf
      9. IPTraf
         Etherape Netfilter Network Probe
      10. Windump
      11. Etherpeek
      12. Ettercap
      13. SMAC
      14. Mac Changer
      15. Iris
      16. NetIntercept
      17. WinDNSSpoof
      18. NetIntercept
      19. Win DNSpoof
      20. TCPDump
      21. Network Monitor
      22. Gobbler
      23. ETHLOAD


      24. Esniff
      25. Sunsniff
      26. Linux_sniffer
      27. Sniffer Pro
   I. Sniffing Countermeasures

VIII. Denial of Service
   A. What is Denial of Service?
   B. Goal of DoS (Denial of Service)
   C. Impact and Modes of Attack
   D. DoS Attack Classification
      1. Smurf
      2. Buffer Overflow Attacks
      3. Ping of Death
      4. Teardrop
      5. SYN
      6. Tribe Flood Network Attack
   E. Hacking Tools
      1. Jolt2
      2. Bubonic.c
      3. Land and LaTierra
      4. Targa
   F. Distributed DoS Attacks and Characteristics
   G. Agent Handler Model
   H. IRC-Based DDoS Attack Model
   I. DDoS Attack Taxonomy
   J. DDoS Tools
      1. Trin00
      2. Tribe Flood Network (TFN)
      3. TFN2K
         Stacheldraht
         Shaft
         Trinity
         Knight
      4. Mstream
      5. Kaiten
   K. Reflected DoS Attacks
   L. Reflection of the Exploit
   M. Countermeasures for Reflected DoS
   N. Tools for Detecting DDoS Attacks
      1. ipgrep
      2. tcpdstat
      3. findoffer
   O. DDoS Countermeasures
   P. Defensive Tool: Zombie Zapper
   Q. Worms: Slammer and MyDoom.B

IX. Social Engineering
   A. What is Social Engineering?
   B. Art of Manipulation
   C. Human Weakness
   D. Common Types of Social Engineering
   E. Human-Based Impersonation
   F. Example of Social Engineering
   G. Computer-Based Social Engineering
   H. Reverse Social Engineering
   I. Policies and Procedures
   J. Security Policies Checklist

X. Session Hijacking
   A. Understanding Session Hijacking
   B. Spoofing vs. Hijacking
   C. Steps in Session Hijacking
   D. Types of Session Hijacking
   E. TCP Concepts: 3-Way Handshake
   F. Sequence Numbers
   G. Hacking Tools
      1. Juggernaut
      2. T-Sight
      3. TTY Watcher
      4. IP Watcher
      5. Hunt
      6. Paros v3.1.1
      7. TTY-Watcher
      8. IP Watcher
      9. T-Sight
      10. Remote TCP Session Reset Utility
   H. Dangers Posed by Session Hijacking
   I. Protection against Session Hijacking
   J. Countermeasures: IP Security

XI. Hacking Web Servers
   A. How Web Servers Work
   B. How Web Servers are Compromised
   C. Popular Web Servers and Common Security Threats
   D. Apache Vulnerability
   E. Attacks against IIS
   F. IIS Components
   G. Sample Buffer Overflow Vulnerabilities
   H. Hacking Tool: IISHack.exe
   I. ISAPI.DLL Exploit
   J. Code Red and ISAPI.DLL Exploit
   K. Unicode
   L. Unicode Directory Traversal Vulnerability
   M. Hacking Tools
      1. Unicodeuploader.pl
      2. IISxploit.exe
      3. execiis-win32.exe
   N. Msw3prt IPP Vulnerability
   O. Hacking Tool: Jill.c
   P. IPP Buffer Overflow Countermeasures
   Q. Unspecified Executed Path Vulnerability
   R. File System Traversal Countermeasures
   S. WebDAV/ntdll.dll Vulnerability
   T. Real-World Instance of WebDAV Exploit
   U. Hacking Tool: KaHT
   V. RPC DCOM Vulnerability
   W. ASN Exploits
   X. IIS Logs


   Y. Network Tool: Log Analyzer
   Z. Hacking Tool: Clean IISLog
   AA. Escalating Privileges on IIS
   BB. Hacking Tools
      1. hk.exe
      2. cmdasp.asp
      3. iiscrack.dll
      4. ispc.exe
      5. Microsoft IIS 5.0 - 5.1 Remote Denial of Service Exploit Tool
      6. Microsoft FrontPage Server Extensions fp30reg.dll Exploit Tool
      7. GDI+ JPEG Remote Exploit Tool
      8. Windows Task Scheduler Exploit Tool
      9. Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit Tool
   CC. Hot Fixes and Patches
   DD. Solution: UpdateEXPERT
   EE. cacls.exe Utility
   FF. Vulnerability Scanners
   GG. Network Tools
      1. Whisker
      2. N-Stealth
      3. WebInspect
      4. Shadow Security Scanner
   HH. Countermeasures
   II. Increasing Web Server Security

XII. Web Application Vulnerabilities
   A. Web Application Set-up
   B. Web Application Hacking
   C. Anatomy of an Attack
   D. Web Application Threats
   E. Cross-Site Scripting (XSS) Flaws
   F. An Example of XSS
   G. Countermeasures
   H. SQL Injection
   I. Command Injection Flaws
   J. Countermeasures
   K. Cookie/Session Poisoning
   L. Countermeasures
   M. Parameter/Form Tampering
   N. Buffer Overflow
   O. Countermeasures
   P. Directory Traversal/Forceful Browsing
   Q. Countermeasures
   R. Cryptographic Interception
   S. Authentication Hijacking
   T. Countermeasures
   U. Log Tampering
   V. Error Message Interception
   W. Attack Obfuscation
   X. Platform Exploits
   Y. Internet Explorer Exploits
   Z. DMZ Protocol Attacks
   AA. DMZ
   BB. Countermeasures
   CC. Security Management Exploits
   DD. Web Services Attacks
   EE. Zero Day Attacks
   FF. Network Access Attacks
   GG. TCP Fragmentation
   HH. Hacking Tools:
      1. Instant Source
      2. Wget
      3. WebSleuth
      4. Black Widow
      5. Window Bomb
   II. Burp: Positioning Payloads
   JJ. Burp: Configuring Payloads and Content Enumeration
   KK. Burp
   LL. Burp Proxy: Intercepting HTTP/S Traffic
   MM. Burp Proxy: Hex-editing of Intercepted Traffic
   NN. Burp Proxy: Browser Access to Request History
   OO. Hacking Tool: cURL
   PP. Carnivore
   QQ. Google Hacking

XIII. Web Based Password Cracking Techniques
   A. Authentication: Definition
   B. Authentication Mechanisms
   C. HTTP Authentication
   D. Basic Authentication
   E. Digest Authentication
   F. Integrated Windows (NTLM) Authentication
   G. Negotiate Authentication
   H. Certificate-based Authentication
   I. Forms-based Authentication
   J. Microsoft Passport Authentication
   K. What is a Password Cracker?
   L. Modus Operandi of an Attacker using a Password Cracker
   M. How does a Password Cracker Work?
   N. Attacks: Classification
   O. Password Guessing
   P. Query String
   Q. Cookies
   R. Dictionary Maker
   S. Password Crackers Available
      1. L0phtCrack
      2. John the Ripper
      3. Brutus


      4. Obiwan
      5. Authforce
      6. Hydra
      7. Cain and Abel
      8. RAR
      9. Gammaprog
   T. Hacking Tools:
      1. WebCracker
      2. Munga Bunga
      3. PassList
      4. Read Cookies
      5. SnadBoy
      6. WinSSLMiM
   U. "Mary Had a Little Lamb" Formula
   V. Countermeasures

XIV. SQL Injection
   A. Attacking SQL Servers
   B. SQL Server Resolution Service (SSRS)
   C. Osql -L Probing
   D. Port Scanning
   E. Sniffing, Brute Forcing and Finding Application Configuration Files
   F. Tools for SQL Server Penetration Testing
      1. SQLDict
      2. SqlExec
      3. SQLbf
      4. SQLSmack
      5. SQL2.exe
      6. AppDetective
      7. Database Scanner
      8. SQLPoke
      9. NGSSQLCrack
      10. NGSSQuirreL
      11. SQLPing v2.2
   G. OLE DB Errors
   H. Input Validation Attack
   I. Login Guessing and Insertion
   J. Shutting Down SQL Server
   K. Extended Stored Procedures
   L. SQL Server Talks
   M. Preventive Measures

XV. Hacking Wireless Networks
   A. Introduction to Wireless Networking
   B. Business and Wireless Attacks
   C. Wireless Basics
   D. Components of a Wireless Network
   E. Types of Wireless Network
   F. Setting up a WLAN
   G. Detecting a Wireless Network
   H. How to Access a WLAN
   I. Advantages and Disadvantages of Wireless Networks
   J. Antennas
   K. SSIDs
   L. Access Point Positioning
   M. Rogue Access Points
   N. Tools to Generate Rogue Access Points
      1. Fake AP
      2. NetStumbler
      3. MiniStumbler
   O. What is Wired Equivalent Privacy (WEP)?
   P. WEP Tools:
      1. AirSnort
      2. WEPCrack
   Q. Related Technology and Carrier Networks
   R. MAC Sniffing and AP Spoofing
   S. Tool to Detect MAC Address Spoofing: Wellenreiter v2
   T. Terminology
   U. Denial of Service Attacks
   V. DoS Attack Tool: FATAjack
   W. Man-in-the-Middle Attack (MITM)
   X. Scanning Tools:
      1. Redfang
      2. Kismet
      3. THC-WarDrive v2.1
      4. PrismStumbler
      5. MacStumbler
      6. Mognet v1.16
      7. WaveStumbler
      8. StumbVerter v1.5
      9. NetChaser v1.0 for Palmtops
      10. AP Scanner
      11. Wavemon
      12. Wireless Security Auditor (WSA)
      13. AirTraf 1.0
      14. Wifi Finder
   Y. Sniffing Tools:
      1. AiroPeek
      2. NAI Sniffer Wireless
      3. Ethereal
      4. Aerosol v0.65
      5. vxSniffer
      6. EtherPEG
      7. Driftnet
      8. AirMagnet
      9. WinDump 3.8 Alpha
      10. ssidsniff
   Z. Multi-Use Tool: THC-RUT
   AA. Tool: WinPcap
   BB. Auditing Tool: bsd-airtools
   CC. WIDZ (Wireless Intrusion Detection System)


   DD. Securing Wireless Networks
   EE. Out-of-the-Box Security
   FF. RADIUS: Used as an Additional Layer of Security
   GG. Maximum Security: Add VPN to Wireless LAN

XVI. Viruses and Worms
   A. Virus Characteristics
   B. Symptoms of a 'Virus-like' Attack
   C. What is a Virus Hoax?
   D. Terminologies
   E. How is a Worm Different from a Virus?
   F. Indications of a Virus Attack
   G. Virus History
   H. Virus Damage
   I. Effect of Viruses on Business
   J. Access Methods of a Virus
   K. Mode of Virus Infection
   L. Life Cycle of a Virus
   M. What Viruses Infect
   N. How Viruses Infect
   O. Viruses/Worms Found in the Wild:
      1. W32.CIH.Spacefiller (a.k.a. Chernobyl)
      2. Win32/Explore.Zip Virus
      3. I Love You Virus
      4. Melissa Virus
      5. Pretty Park
      6. Code Red Worm
      7. W32/Klez
      8. Bug Bear
      9. SirCam Worm
      10. Nimda
      11. SQL Slammer
   P. Writing a Simple Virus Program
   Q. Writing a DDoS Zombie Virus
   R. Virus Construction Kits
   S. Virus Creation Scripts
   T. Virus Detection Methods
   U. Virus Incident Response
   V. What is a Sheep Dip?
   W. Prevention is Better than Cure
   X. Anti-Virus Software
   Y. Popular Anti-Virus Packages
   Z. New Viruses Found in 2004
   AA. Virus Checkers
   BB. Blaster: Virus Analysis
   CC. Nimda: Virus Analysis
   DD. Sasser Worm: Virus Analysis
   EE. Klez: Virus Analysis
   FF. IDA Pro
   GG. Virus Analyzers

XVII. Physical Security
   A. Security Statistics
   B. Physical Security Breach Incidents
   C. Understanding Physical Security
   D. What is the Need for Physical Security?
   E. Who is Accountable for Physical Security?
   F. Factors Affecting Physical Security
   G. Physical Security Checklist
      1. Company Surroundings
      2. Premises
      3. Reception
      4. Server
      5. Workstation Area
      6. Wireless Access Points
      7. Other Equipment such as Fax, Removable Media, etc.
      8. Access Control
      9. Computer Equipment Maintenance
      10. Wiretapping
      11. Remote Access
   H. Lock Picking Techniques
   I. Spying Technologies

XVIII. Linux Hacking
   A. Why Linux?
   B. Linux Basics
      Chrooting
   C. Why is Linux Hacked?
   D. Linux Vulnerabilities in 2003
   E. How to Apply Patches to Vulnerable Programs
   F. Scanning Networks
   G. Scanning Tool: Nessus
   H. Cheops
   I. Port Scan Detection Tools:
      1. Klaxon
      2. Scanlogd
      3. PortSentry
      4. LIDS (Linux Intrusion Detection System)
   J. Password Cracking in Linux
   K. Password Cracking Tools:
      1. John the Ripper
      2. Viper
      3. Slurpie
   L. IPChains
   M. IPTables
   N. ipchains vs. ipfwadm
   O. How to Organize Firewall Rules
   P. Security Auditor's Research Assistant (SARA)
   Q. Hacking Tools:
      1. Sniffit
      2. HPing2


      3. Hunt
      4. TCP Wrappers
   R. Linux Loadable Kernel Modules
   S. Linux Rootkits:
      1. Knark
      2. Torn
      3. Tuxit
      4. Adore
      5. Ramen
      6. Beast
   T. Rootkit Countermeasures:
      1. Chkrootkit
      2. Tripwire
      3. Bastille Linux
      4. LIDS (Linux Intrusion Detection System)
      5. Dtk
      6. Rkdet
      7. Rootkit Hunter
      8. Carbonite
      9. Rscan
      10. Saint Jude
   U. Linux Security Tools:
      1. Whisker
      2. Flawfinder
   V. Advanced Intrusion Detection Environment (AIDE)
   W. Linux Security Testing Tools
      1. Nmap
      2. LSOF
      3. Netcat
      4. Nemesis
   X. Linux Encryption Tools:
      1. Stunnel
      2. OpenSSH/SSH
      3. SSH
      4. GnuPG
   Y. Linux Tools: Log and Traffic Monitors:
      1. MRTG
      2. Swatch
      3. Timbersee
      4. Logsurf
      5. IPLog
      6. IPTraf
      7. Ntop
   Z. Linux Security Auditing Tool (LSAT)
   AA. Linux Security Countermeasures

XIX. Evading Firewalls, IDS and Honeypots
   A. Intrusion Detection Systems
   B. Ways to Detect Intrusion
   C. Types of Intrusion Detection System
   D. Intrusion Detection Tools
      1. Snort 2.1.0
      2. Symantec ManHunt
      3. LogIDS 1.0
      4. SnoopNetCop Standard
      5. Prelude Hybrid IDS version 0.8.x
      6. Samhain
   E. Steps to Perform after an IDS Detects an Intrusion
   F. Evading IDS Systems
   G. Tools to Evade IDS
      1. SideStep
      2. ADMutate
      3. Mendax v0.7.1
      4. Stick
      5. Fragrouter
      6. Anzen NIDSbench
   H. Packet Generators
   I. Introduction to Firewalls
   J. Firewall Identification
   K. Firewalking
   L. Banner Grabbing
   M. Breaching Firewalls
   N. Placing Backdoors through Firewalls
   O. Hiding Behind a Covert Channel: Loki
   P. ACK Tunneling
   Q. Tools to Breach Firewalls
      1. 007 Shell
      2. ICMP Shell
      3. AckCmd
      4. Covert TCP 1.0
   R. Tools for Testing IDS and Firewalls
   S. Introduction to Honeypots
   T. Honeypot Project
   U. Types of Honeypots
   V. Honeypot: Specter
   W. Honeypot: Honeyd
   X. Honeypot: KFSensor
   Y. Hacking Tool: Sebek
   Z. Tools to Detect Honeypots
      1. Send-Safe Honeypot Hunter
      2. Nessus Security Scanner

XX. Buffer Overflows
   A. Significance of Buffer Overflow Vulnerabilities
   B. Why are Programs/Applications Vulnerable?
   C. Buffer Overflows
   D. Reasons for Buffer Overflow Attacks
   E. Knowledge Required to Write Buffer Overflow Exploits
   F. How a Buffer Overflow Occurs
   G. Understanding Stacks
   H. Stack Implementation


   I. Stack-Based Buffer Overflow
   J. Shellcode
   K. Heap-Based Buffer Overflow
   L. How to Detect Buffer Overflows in a Program
   M. Attacking a Real Program
   N. NOPs
   O. How to Mutate a Buffer Overflow Exploit (featuring ADMutate)
   P. Countermeasures
   Q. Return Address Defender (RAD)
   R. StackGuard
   S. Immunix System
   T. Vulnerability Search: ICAT

XXI. Cryptography
   A. Public-key Cryptography
   B. Working of Encryption
   C. Digital Signature
   D. Digital Certificate
   E. RSA (Rivest Shamir Adleman)
   F. RSA Attacks
      1. Brute forcing RSA factoring
      2. Esoteric attack
      3. Chosen ciphertext attack
      4. Low encryption exponent attack
      5. Error analysis
      6. Other attacks
   G. MD5
   H. SHA (Secure Hash Algorithm)
   I. SSL (Secure Sockets Layer)
   J. RC5
   K. What is SSH?
   L. Government Access to Keys (GAK)
   M. RSA Challenge
   N. distributed.net
   O. PGP (Pretty Good Privacy)
   P. Code Breaking Methodologies
      1. Using Brute Force
      2. Frequency Analysis
      3. Trickery and Deceit
      4. One-Time Pad
   Q. Cryptography Attacks
   R. Disk Encryption
   S. PGPCrack
   T. Magic Lantern
   U. WEPCrack
   V. Cracking S/MIME Encryption using Idle CPU Time
   W. CypherCalc
   X. Command Line Scriptor
   Y. CryptoHeaven

XXII. Penetration Testing
   A. Need for a Methodology
      1. Penetration Test vs. Vulnerability Test
      2. Reliance on Checklists and Templates
      3. Phases of Penetration Testing
      4. Passive Reconnaissance
      5. Best Practices
      6. Results that can be Expected
      7. Indicative passive reconnaissance steps include (but are not limited to)
      8. Introduction to Penetration Testing
      9. Types of Penetration Testing Methodologies
      10. Open Source vs. Proprietary Methodologies
      11. Security Assessment vs. Security Auditing
      12. Risk Analysis
      13. Types of Penetration Testing
      14. Types of Ethical Hacking
      15. Vulnerability Assessment vs. Penetration Testing
      16. Do-it-Yourself Testing
      17. Firms Offering Penetration Testing Services
      18. Penetration Testing Insurance
      19. Explication of Terms of Engagement
      20. Pen-Test Service Level Agreements
      21. Offer of Compensation
      22. Starting Points and Ending Points of Testing
      23. Penetration Testing Locations
      24. Black Box Testing
      25. White Box Testing
      26. Grey Box Testing
      27. Manual Penetration Testing
      28. Automated Penetration Testing
      29. Selecting the Right Tools
      30. Pen-Test Using AppScan
      31. HackerShield
      32. Pen-Test Using Cerberus Internet Scanner
      33. Pen-Test Using CyberCop Scanner
      34. Pen-Test Using Foundscan
      35. Pen-Test Using Nessus
      36. Pen-Test Using NetRecon
      37. Pen-Test Using Retina
      38. Pen-Test Using SAINT
      39. Pen-Test Using SecureNET
      40. Pen-Test Using SecureScan


      41. Pen-Test Using SATAN, SARA and Security Analyzer
      42. Pen-Test Using STAT Analyzer
      43. Pen-Test Using Twwscan
      44. VigilEnt
      45. WebInspect
      46. Evaluating Different Types of Pen-Test Tools
      47. Platform on Which Tools Will be Used
      48. Asset Audit
      49. Fault Trees and Attack Trees
      50. GAP Analysis
      51. Device Inventory
      52. Perimeter Firewall Inventory
      53. Web Server Inventory
      54. Load Balancer Inventory
      55. Local Area Network Inventory
      56. Demilitarized Zone Firewall
      57. Internal Switch Network Sniffer
      58. Application Server Inventory
      59. Database Server Inventory
      60. Name Controller and Domain Name Server
      61. Physical Security
      62. ISP Routers
      63. Legitimate Network Traffic Threat
      64. Unauthorized Network Traffic Threat
      65. Unauthorized Running Process Threat
      66. Loss of Confidential Information
      67. Business Impact of Threat
      68. Pre-testing Dependencies
      69. Post-testing Dependencies
      70. Failure Management
      71. Test Documentation Processes
      72. Penetration Testing Tools
      73. Defect Tracking Tools
      74. Configuration Management Tools
      75. Disk Replication Tools
      76. Pen-Test Project Scheduling Tools
      77. Network Auditing Tools
      78. DNS Zone Transfer Testing Tools
      79. Trace Route Tools and Services
      80. Network Sniffing Tools
      81. Denial of Service Emulation Tools
      82. Traditional Load Testing Tools
      83. System Software Assessment Tools
      84. Operating System Protection Tools
      85. Fingerprinting Tools
      86. Port Scanning Tools
      87. Directory and File Access Control Tools
      88. File Share Scanning Tools
      89. Password Directories
      90. Password Guessing Tools
      91. Link Checking Tools
      92. Web Site Crawlers
      93. Web-Testing Based Scripting Tools
      94. Buffer Overflow Protection Tools
      95. Buffer Overflow Generation Tools
      96. Input Data Validation Tools
      97. File Encryption Tools
      98. Database Assessment Tools
      99. Keyboard Logging and Screen Reordering Tools
      100. System Event Logging and Reviewing Tools
      101. Tripwire and Checksum Tools
      102. Mobile-Code Scanning Tools
      103. Centralized Security Monitoring Tools
      104. Web Log Analysis Tools
      105. Forensic Data and Collection Tools
      106. Security Assessment Tools
      107. Multiple OS Management Tools
   B. SANS Institute Top 20 Security Vulnerabilities
      1. All Operating System Platforms
      2. Default installs of operating systems and applications
      3. Accounts with no passwords or weak passwords
      4. Nonexistent or incomplete backups
      5. Large number of open ports
      6. Not filtering packets for correct incoming and outgoing addresses
      7. Nonexistent or incomplete logging
      8. Vulnerable Common Gateway Interface (CGI) programs
      9. Windows-specific
      10. Unicode vulnerability (Web server folder traversal)
      11. Internet Server Application Programming Interface (ISAPI) extension buffer overflows
      12. IIS Remote Data Services (RDS) exploit
      13. Network Basic Input Output System (NetBIOS): unprotected Windows networking shares
      14. Information leakage via null session connections


      15. Weak hashing in SAM (Security Accounts Manager): LanManager hash
      16. UNIX-specific
      17. Buffer overflows in Remote Procedure Call (RPC) services
      18. Sendmail vulnerabilities
      19. BIND weaknesses
      20. Remote system command (such as rcp, rlogin, and rsh) vulnerabilities
      21. Line Printer Daemon (LPD) vulnerabilities
      22. sadmind and mountd exploits
      23. Default Simple Network Management Protocol (SNMP) community strings
   C. Penetration Testing Deliverable Templates
      1. Test Status Report Identifier
      2. Test Variances
      3. Test Comprehensive Assessment
      4. Summary of Results (Incidents)
      5. Test Evaluation
      6. Names of Persons (Approval)
      7. Template Test Incident Report
      8. Template Test Log
   D. Active Reconnaissance
   E. Attack Phase
   F. Activity: Perimeter Testing
   G. Activity: Web Application Testing I
   H. Activity: Web Application Testing II
   I. Activity: Wireless Testing
   J. Activity: Acquiring Target
   K. Activity: Escalating Privileges
   L. Activity: Execute, Implant and Retract
   M. Post-Attack Phase and Activities
   N. Automated Penetration Testing Tool: CORE Impact
