EC Council Cert ified Et hical Hacker

Course Code: CEH

Length: 5 Days (10am-6pm)

Course Description: This 5-day class will immerse the student into an interactive environment where they will be shown
how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth
knowledge and practical experience with the current essential security systems. Students will begin by understanding how
perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed.
Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also
learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Students are required to have taken EC Council’s ENSA course, or have equivalent experience.

Certification
The CEH 312-50 online Prometric exam needs to be passed by students following training to receive the CEH certification.

Legal Agreement
Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for
penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will
not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise
any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

̇ Hacktivism
̇
Module 1: Introduction to Ethical Hacking
̇
Hacker Classes
Problem Definition -Why Security? ̇
̇
Security News: Suicide Hacker
Essential Terminologies ̇
̇
Ethical Hacker Classes
Elements of Security ̇
̇
What do Ethical Hackers do
The Security, Functionality and Ease of Use Triangle ̇
̇
Can Hacking be Ethical
Case Study ̇
̇
How to become an Ethical Hacker
What does a Malicious Hacker do? ̇
̇
Skill Profile of an Ethical Hacker
Phase1-Reconnaissaance ̇
̇
What is Vulnerability Research
Phase2-Scanning ̇
̇
Why Hackers Need Vulnerability Research
Phase3-Gaining Access ̇
̇
Vulnerability Research Tools
Phase4-Maintaining Access ̇
̇
Vulnerability Research Websites
Phase5-Covering Tracks ̇
̇
National Vulnerability Database (nvd.nist.gov)
Types of Hacker Attacks ̇ Securitytracker (www.securitytracker.com)
̇ Securiteam (www.securiteam.com)
 ̇ Secunia (www.secunia.com) ̇ Defining Footprinting
̇ Hackerstorm Vulnerability Database Tool ̇ Why is Footprinting Necessary
(www.hackerstrom.com) ̇ Areas and Information which Attackers Seek
̇ HackerWatch (www.hackerwatch.org) ̇ Information Gathering Methodology
̇ MILWORM ̇ Unearthing Initial Information
̇ How to Conduct Ethical Hacking ̇ Finding Company’s URL
̇ How Do They Go About It ̇ Internal URL
̇ Approaches to Ethical Hacking ̇ Extracting Archive of a Website
̇ Ethical Hacking Testing ̇ www.archive.org
̇ Ethical Hacking Deliverables ̇ Google Search for Company’s Info
̇ Computer Crimes and Implications ̇ People Search
̇ Yahoo People Search
̇
Module 2: Hacking Laws
̇
Satellite Picture of a Residence
̇
U.S. Securely Protect Yourself Against Cyber
Best PeopleSearch
̇
Trespass Act (SPY ACT)
̇
People-Search-America.com
̇
Legal Perspective (U.S. Federal Law)
̇
Switchboard
̇
United Kingdom’s Cyber Laws
̇
Anacubis
̇
United Kingdom: Police and Justice Act 2006
̇
Google Finance
̇
European Laws
̇
Yahoo Finance
̇
Japan’s Cyber Laws
̇
Footprinting through Job Sites
̇
Australia : The Cybercrime Act 2001
̇
Passive Information Gathering
̇
Indian Law: THE INFORMTION TECHNOLOGY ACT
̇
Competitive Intelligence Gathering
̇
Argentina Laws
̇
Why Do You Need Competitive Intelligence?
̇
Germany’s Cyber Laws
̇
Competitive Intelligence Resource
̇
Singapore’s Cyber Laws
̇
Companies Providing Competitive Intelligence
Belgium Law
̇
Services
̇
Brazilian Laws
̇
Carratu International
̇
Canadian Laws
̇
CI Center
̇
France Laws
̇
Competitive Intelligence - When Did This Company
German Laws
̇
Begin? How Did It Develop?
Italian Laws ̇
̇
Competitive Intelligence - Who Leads This Company
Malaysia Laws ̇
̇
Competitive Intelligence - What Are This Company's
Hong Kong Laws Plans
̇ Korea Laws ̇ Competitive Intelligence - What Does Expert Opinion
̇ Greece Laws Say About The Company
̇ Denmark Laws ̇ Competitive Intelligence - Who Are The Leading
̇ Netherlands Laws Competitors?
̇ Norway ̇ Competitive Intelligence Tool: Trellian
̇ Ordinance ̇ Competitive Intelligence Tool: Web Investigator
̇ Mexico ̇ Footprinting Tools
̇ Switzerland ̇ Types of DNS Records
̇ Necrosoft Advanced DIG
̇
Module 3: Footprinting
ARIN
̇ Revisiting Reconnaissance ̇ Traceroute
 ̇ Traceroute Analysis Module 5: Scanning
̇ 3D Traceroute ̇
̇
Scanning: Definition
NeoTrace ̇
̇
Types of Scanning
VisualRoute Trace ̇
̇
Objectives of Scanning
Path Analyzer Pro ̇
̇
CEH Scanning Methodology
Maltego ̇
̇
War Dialer Technique
Layer Four Traceroute ̇
̇
Banner Grabbing
Prefix WhoIs widget ̇
̇
Vulnerability Scanning
Touchgraph ̇
̇
SAFEsuite Internet Scanner, IdentTCPScan
VisualRoute Mail Tracker ̇
̇
Draw Network Diagrams of Vulnerable Hosts
eMailTrackerPro ̇
̇
Insightix Visibility
Read Notify ̇
̇
IPCheck Server Monitor
E-Mail Spiders ̇
̇
PRTG Traffic Grapher
Steps to Create Fake Login Pages ̇
̇
Preparing Proxies
How to Create Fake Login Pages ̇
̇
Scanning Countermeasures
Faking Websites using Man-in-the-Middle Phishing ̇ Tool: SentryPC
Kit
̇ Benefits to Fraudster Module 6: Enumeration
̇ Steps to Perform Footprinting ̇ Overview of System Hacking Cycle
̇ What is Enumeration?
̇
Module 4: Google Hacking
̇
Techniques for Enumeration
̇
What is Google hacking
̇
NetBIOS Null Sessions
̇
What a hacker can do with vulnerable site
̇
PS Tools
̇
Anonymity with Caches
̇
Simple Network Management Protocol (SNMP)
Using Google as a Proxy Server
̇
Enumeration
Directory Listings ̇
̇
Winfingerprint
Going Out on a Limb: Traversal Techniques ̇
̇
IP Tools Scanner
Extension Walking ̇
̇
Enumerate Systems Using Default Password
Site Operator ̇
̇
Tools
Searching for Exploit Code with Nonstandard ̇ Steps to Perform Enumeration
Extensions
̇ Locating Source Code with Common Strings Module 7: System Hacking
̇ Locating Vulnerable Targets ̇ Part 1- Cracking Password
̇ “Powered by” Tags Are Common Query Fodder for ̇ Part2-Escalating Privileges
Finding Web Applications ̇
̇
Part3-Executing applications
Vulnerable Web Application Examples ̇
̇
Part4-Hiding files
A Single CGI Scan-Style Query ̇
̇
Least Significant Bit Insertion in Image filea
Directory Listings ̇
̇
Process of Hiding Information in Image Files
Web Server Software Error Messages ̇
̇
Masking and Filtering in Image files
Apache 2.0 Error Pages ̇
̇
Algorithms and transformation
Application Software Error Messages ̇
̇
Part5-Covering Tracks
Default Pages
̇ Searching for Passwords Module 8: Trojans and Backdoors
̇ Google Hacking Database (GHDB) ̇ Effect on Business
 ̇ What is a Trojan? ̇ Virus Classification
̇ Remote Access Trojans ̇ How Does a Virus Infect?
̇ Data-Sending Trojans ̇ Storage Patterns of Virus
̇ Destructive Trojans ̇ Famous Virus/Worms – I Love You Virus
̇ Denial-of-Service (DoS) Attack Trojans ̇ Famous Virus/Worms – Melissa
̇ Proxy Trojans ̇ Famous Virus/Worms – JS/Spth
̇ FTP Trojans ̇ Klez Virus Analysis
̇ Security Software Disablers ̇ Latest Viruses
̇ Indications of a Trojan Attack ̇ Top 10 Viruses- 2008
̇ Ports Used by Trojans ̇ Writing a Simple Virus Program
̇ Trojans ̇ Virus Construction Kits
̇ Classic Trojans Found in the Wild ̇ Virus Detection Methods
̇ Trojan: RECUB ̇ Virus Incident Response
̇ Hacking Tool: Loki ̇ What is Sheep Dip?
̇ Loki Countermeasures ̇ Virus Analysis – IDA Pro Tool
̇ Atelier Web Remote Commander ̇ Prevention is better than Cure
̇ Trojan Horse Construction Kit ̇ Anti-Virus Software
̇ How to Detect Trojans? ̇ Popular Anti-Virus Packages
̇ Anti-Trojan Software ̇ Virus Databases
̇ Evading Anti-Virus Techniques
̇
Module 10: Sniffers
̇
Sample Code for Trojan Client/Server
̇ Definition - Sniffing
̇
Evading Anti-Trojan/Anti-Virus using Stealth Tools
̇ Protocols Vulnerable to Sniffing
̇
Backdoor Countermeasures
̇ Tool: Network View – Scans the Network for Devices
̇
Tripwire
̇ The Dude Sniffer
̇
System File Verification
̇ Wireshark
̇
MD5 Checksum.exe
̇ Display Filters in Wireshark
̇
Microsoft Windows Defender
̇ Following the TCP Stream in Wireshark
̇
How to Avoid a Trojan Infection
Cain and Abel
Module 9: Viruses and Worms ̇ Tcpdump
̇ Virus History ̇ Tcpdump Commands
̇ Characteristics of Virus ̇ Types of Sniffing
̇ Working of Virus ̇ What is ARP
̇ Why people create Computer Viruses ̇ Linux Sniffing Tools (dsniff package)
̇ Symptoms of a Virus-like Attack ̇ DNS Poisoning Techniques
̇ Virus Hoaxes ̇ Interactive TCP Relay
̇ Chain Letters ̇ Interactive Replay Attacks
̇ How is a Worm Different from a Virus ̇ Raw Sniffing Tools
̇ Indications of a Virus Attack ̇ Features of Raw Sniffing Tools
̇ Hardware Threats ̇ How to Detect Sniffing
̇ Software Threats ̇ Countermeasures
̇ Virus Damage
̇
Module 11: Social Engineering
̇
Stages of Virus Life
What is Social Engineering?
 ̇ Human Weakness ̇ Botnets
̇ “Rebecca” and “Jessica” ̇ Uses of Botnets
̇ Office Workers ̇ Types of Bots
̇ Types of Social Engineering ̇ How Do They Infect? Analysis Of Agabot
̇ How Do They Infect
̇
Module 13: Hacking Email Accounts
̇
Tool: Nuclear Bot
Ways for Getting Email Account Information ̇
̇
What is DDoS Attack
Stealing Cookies ̇
̇
Characteristics of DDoS Attacks
Social Engineering ̇
̇
DDOS Unstoppable
Password Phishing ̇
̇
Agent Handler Model
Fraudulent e-mail Messages ̇
̇
DDoS IRC based Model
Vulnerabilities ̇
̇
DDoS Attack Taxonomy
Web Email ̇
̇
Amplification Attack
Reaper Exploit ̇
̇
Reflective DNS Attacks
Tool: Advanced Stealth Email Redirector ̇
̇
Reflective DNS Attacks Tool: ihateperl.pl
Tool: Mail PassView ̇
̇
DDoS Tools
Tool: Email Password Recovery Master ̇
̇
Worms
Tool: Mail Password ̇
̇
Slammer Worm
Email Finder Pro ̇
̇
Spread of Slammer Worm – 30 min
Email Spider Easy ̇
̇
MyDoom.B
Kernel Hotmail MSN Password Recovery ̇
̇
SCO Against MyDoom Worm
Retrieve Forgotten Yahoo Password ̇
̇
How to Conduct a DDoS Attack
MegaHackerZ ̇
̇
The Reflected DoS Attacks
Hack Passwords ̇
̇
Reflection of the Exploit
Creating Strong Passwords ̇
̇
Countermeasures for Reflected DoS
Creating Strong Passwords: Change Password ̇
̇
DDoS Countermeasures
Creating Strong Passwords: Trouble Signing In ̇
̇
Taxonomy of DDoS Countermeasures
Sign-in Seal ̇
̇
Preventing Secondary Victims
Alternate Email Address ̇
̇
Detect and Neutralize Handlers
Keep Me Signed In/ Remember Me ̇
̇
Detect Potential Attacks
Tool: Email Protector ̇
̇
DoSHTTP Tool
Tool: Email Security ̇
̇
Mitigate or Stop the Effects of DDoS Attacks
Tool: EmailSanitizer ̇
̇
Deflect Attacks
Tool: Email Protector ̇
̇
Post-attack Forensics
Tool: SuperSecret ̇ Packet Traceback
Module 14: Denial-of-Service Module 15: Session Hijacking
̇ Real World Scenario of DoS Attacks ̇
̇
What is Session Hijacking?
What are Denial-of-Service Attacks ̇
̇
Spoofing v Hijacking
Goal of DoS ̇
̇
Steps in Session Hijacking
Impact and the Modes of Attack ̇
̇
Types of Session Hijacking
Types of Attacks ̇
̇
Session Hijacking Levels
DoS Attack Classification ̇
̇
Network Level Hijacking
Bot (Derived from the Word RoBOT)
 ̇ The 3-Way Handshake Module 17: Web Application Vulnerabilities
̇ TCP Concepts 3-Way Handshake ̇
̇
Web Application Setup
Sequence Numbers ̇
̇
Web application Hacking
Sequence Number Prediction ̇
̇
Anatomy of an Attack
TCP/IP hijacking ̇
̇
Web Application Threats
IP Spoofing: Source Routed Packets ̇
̇
Cross-Site Scripting/XSS Flaws
RST Hijacking ̇
̇
SQL Injection
Blind Hijacking ̇
̇
Command Injection Flaws
Man in the Middle: Packet Sniffer ̇
̇
Cookie/Session Poisoning
UDP Hijacking ̇
̇
Parameter/Form Tampering
Application Level Hijacking ̇
̇
Hidden Field at
Programs that Performs Session Hacking ̇
̇
Buffer Overflow
Dangers that hijacking Pose ̇
̇
Directory Traversal/Forceful Browsing
Protecting against Session Hijacking ̇
̇
Cryptographic Interception
Countermeasures: IPSec ̇ Cookie Snooping
Module 16: Hacking Web Servers ̇ Authentication Hijacking
̇
̇
Log Tampering
̇
How Web Servers Work
̇
Error Message Interception
̇
How are Web Servers Compromised
̇
Attack Obfuscation
̇
Web Server Defacement
̇
Platform Exploits
̇
Apache Vulnerability
̇
DMZ Protocol Attacks
̇
Attacks against IIS
̇
Security Management Exploits
̇
Unicode
̇
TCP Fragmentation
̇
Hacking Tool
̇
Hacking Tools
Tool: Metasploit Framework
̇ Tool: Immunity CANVAS Professional Module 18: Web-Based Password Cracking Techniques
̇ Tool: Core Impact ̇
̇
Authentication - Definition
Tool: MPack ̇
̇
Authentication Mechanisms
Tool: Neosploit ̇
̇
Bill Gates at the RSA Conference 2006
Hotfixes and Patches ̇
̇
How to Select a Good Password
What is Patch Management ̇
̇
Things to Avoid in Passwords
Patch Management Checklist ̇
̇
Changing Your Password
Vulnerability Scanners ̇
̇
Protecting Your Password
Online Vulnerability Search Engine ̇
̇
Examples of Bad Passwords
Network Tool: Whisker ̇
̇
The “Mary Had A Little Lamb” Formula
Network Tool: N-Stealth HTTP Vulnerability Scanner ̇
̇
How Hackers Get Hold of Passwords
Hacking Tool: WebInspect ̇
̇
Windows XP: Remove Saved Passwords
Network Tool: Shadow Security Scanner ̇
̇
What is a Password Cracker
Secure IIS ̇
̇
Modus Operandi of an Attacker Using a Password
Countermeasures Cracker
̇ Increasing Web Server Security ̇ How Does a Password Cracker Work
̇ Web Server Protection Checklist ̇ Attacks - Classification
̇ Password Crackers Available
 ̇ Countermeasures ̇ WEP and WPA
̇ Attacks and Hacking Tools
̇
Module 19: SQL Injection
̇
Scanning Tools
What is SQL Injection ̇
̇
Sniffing Tools
Exploiting Web Applications ̇
̇
Hacking Wireless Networks
Steps for performing SQL injection ̇
̇
Wireless Security
What You Should Look For ̇
̇
Wireless Security Tools
What If It Doesn’t Take Input
̇ OLE DB Errors Module 21: Physical Security
̇ Input Validation Attack ̇ Security Facts
̇ SQL injection Techniques ̇ Understanding Physical Security
̇ How to Test for SQL Injection Vulnerability ̇ Physical Security
̇ How Does It Work ̇ What Is the Need for Physical Security
̇ BadLogin.aspx.cs ̇ Who Is Accountable for Physical Security
̇ BadProductList.aspx.cs ̇ Factors Affecting Physical Security
̇ Executing Operating System Commands ̇ Physical Security Checklist
̇ Getting Output of SQL Query ̇ Information Security
̇ Getting Data from the Database Using ODBC Error ̇ EPS (Electronic Physical Security)
Message ̇ Wireless Security
̇ How to Mine all Column Names of a Table ̇ Laptop Theft Statistics for 2007
̇ How to Retrieve any Data ̇ Statistics for Stolen and Recovered Laptops
̇ How to Update/Insert Data into Database ̇ Laptop Theft
̇ SQL Injection in Oracle ̇ Laptop theft: Data Under Loss
̇ SQL Injection in MySql Database ̇ Laptop Security Tools
̇ Attacking Against SQL Servers ̇ Laptop Tracker - XTool Computer Tracker
̇ SQL Server Resolution Service (SSRS) ̇ Tools to Locate Stolen Laptops
̇ Osql -L Probing ̇ Stop's Unique, Tamper-proof Patented Plate
̇ SQL Injection Automated Tools ̇ Tool: TrueCrypt
̇ Automated SQL Injection Tool: AutoMagic SQL ̇ Laptop Security Countermeasures
̇ Absinthe Automated SQL Injection Tool ̇ Mantrap
̇ Blind SQL Injection ̇ TEMPEST
̇ SQL Injection Countermeasures ̇ Challenges in Ensuring Physical Security
̇ Preventing SQL Injection Attacks ̇ Spyware Technologies
̇ GoodLogin.aspx.cs ̇ Spying Devices
̇ SQL Injection Blocking Tool: SQL Block ̇ Physical Security: Lock Down USB Ports
̇ Acunetix Web Vulnerability Scanner ̇ Tool: DeviceLock
̇ Blocking the Use of USB Storage Devices
̇
Module 20: Hacking Wireless Networks
Track Stick GPS Tracking Device

̇
Module 22: Linux Hacking
̇
Introduction to Wireless
̇ Why Linux
̇
Introduction to Wireless Networking
̇ Linux Distributions
̇
Wireless Standards
̇ Linux Live CD-ROMs
̇
Wireless Concepts and Devices
Basic Commands of Linux: Files & Directories
̇ Linux Basic ̇ Linux Tools: Application Security
̇ Directories in Linux ̇ Advanced Intrusion Detection Environment (AIDE)
̇ Installing, Configuring, and Compiling Linux Kernel ̇ Linux Tools: Security Testing Tools
̇ How to Install a Kernel Patch ̇ Linux Tools: Encryption
̇ Compiling Programs in Linux ̇ Linux Tools: Log and Traffic Monitors
̇ GCC Commands ̇ Linux Security Auditing Tool (LSAT)
̇ Make Files ̇ Linux Security Countermeasures
̇ Make Install Command ̇ Steps for Hardening Linux
̇ Linux Vulnerabilities
̇
Module 23: Evading IDS, Firewalls and Detecting Honey
Chrooting
̇
Pots
̇
Why is Linux Hacked
̇
Introduction to Intrusion Detection System
̇
How to Apply Patches to Vulnerable Programs
̇
Terminologies
̇
Scanning Networks
̇
Intrusion Detection System (IDS)
̇
Nmap in Linux
̇
IDS Evading Tool: ADMutate
̇
Scanning Tool: Nessus
̇
Packet Generators
̇
Port Scan Detection Tools
̇
What is a Firewall?
̇
Password Cracking in Linux: Xcrack
̇
Common Tool for Testing Firewall and IDS
̇
Firewall in Linux: IPTables
̇
What is Honeypot?
̇
IPTables Command
̇
Low-interaction honeypot
̇
Basic Linux Operating System Defense
̇
Medium-interaction honeypot
̇
SARA (Security Auditor's Research Assistant)
̇
High-interaction honeypot
̇
Linux Tool: Netcat
̇
Tools to Detect Honeypots
̇
Linux Tool: tcpdump
̇
What to do when hacked
Linux Tool: Snort
̇ Linux Tool: SAINT Module 24: Buffer Overflows
̇ Linux Tool: Wireshark ̇
̇
Why are Programs/Applications Vulnerable
Linux Tool: Abacus Port Sentry ̇
̇
Buffer Overflows
Linux Tool: DSniff Collection ̇
̇
Reasons for Buffer Overflow Attacks
Linux Tool: Hping2 ̇
̇
Knowledge Required to Program Buffer Overflow
Linux Tool: Sniffit Exploits
̇ Linux Tool: Nemesis ̇ Understanding Stacks
̇ Linux Tool: LSOF ̇ Understanding Heaps
̇ Linux Tool: IPTraf ̇ Types of Buffer Overflows: Stack-based Buffer
̇ Linux Tool: LIDS Overflow
̇ Hacking Tool: Hunt ̇ Types of Buffer Overflows: Heap-based Buffer
̇ Tool: TCP Wrappers Overflow
̇ Linux Loadable Kernel Modules ̇ Understanding Assembly Language
̇ Hacking Tool: Linux Rootkits ̇ How to Detect Buffer Overflows in a Program
̇ Rootkits: Knark & Torn ̇ NOPs
̇ Rootkits: Tuxit, Adore, Ramen ̇ How to Mutate a Buffer Overflow Exploit
̇ Rootkit: Beastkit ̇ Defense Against Buffer Overflows
̇ Rootkit Countermeasures ̇ Buffer Overflow Protection Solution: Libsafe
̇ ‘chkrootkit’ detects the following Rootkits ̇ Simple Buffer Overflow in C
Module 25: Cryptography ̇ Code Breaking: Methodologies

̇ ̇ Cryptanalysis
̇
Introduction to Cryptography
̇ Cryptography Attacks
̇
Classical Cryptographic Techniques
̇ Brute-Force Attack
̇
Cryptographic Algorithms
̇ Cracking S/MIME Encryption Using Idle CPU Time
̇
RSA (Rivest Shamir Adleman)
̇ distributed.net
̇
Data Encryption Standard (DES)
̇ RC4, RC5, RC6, Blowfish Use Of Cryptography

̇ Message Digest Functions Module 26: Penetration Testing

̇
̇
SSL (Secure Sockets Layer)
̇
Introduction to Penetration Testing (PT)
̇
What is SSH?
̇
Categories of security assessments
̇
Algorithms and Security
̇
Vulnerability Assessment
̇
Disk Encryption
̇
Limitations of Vulnerability Assessment
̇
Government Access to Keys (GAK)
̇
Penetration Testing
̇
Digital Signature
̇
Types of Penetration Testing
̇
Digital Certificates
̇
Risk Management
̇
PGP (Pretty Good Privacy)
̇
Do-It-Yourself Testing
̇
CypherCalc
̇
Outsourcing Penetration Testing Services
̇
Command Line Scriptor
̇
Terms of Engagement
̇
CryptoHeaven
̇
Project Scope
̇
Hacking Tool: PGP Crack
̇
Pentest Service Level Agreements
̇
Magic Lantern
̇
Testing points
̇
Advanced File Encryptor
̇
Testing Locations
̇
Encryption Engine
̇
Automated Testing
̇
Encrypt Files
̇
Manual Testing
̇
Encrypt PDF
̇
Using DNS Domain Name and IP Address
Encrypt Easy
̇
Information
Encrypt my Folder ̇
̇
Enumerating Information about Hosts on Publicly
Advanced HTML Encrypt and Password Protect Available Networks
̇ Encrypt HTML source ̇ Testing Network-filtering Devices
̇ Alive File Encryption ̇ Enumerating Devices
̇ Omziff ̇ Denial-of-Service Emulation
̇ ABC CHAOS ̇ Pentest using Appscan
̇ EncryptOnClick ̇ HackerShield
̇ CryptoForge ̇ Pen-Testing
̇ SafeCryptor ̇ Evaluating Different Types of Pen-Test Tools
̇ CrypTool ̇ Asset Audit
̇ Microsoft Cryptography Tools ̇ Fault Tree and Attack Trees
̇ Polar Crypto Light ̇ GAP Analysis
̇ CryptoSafe ̇ Threat
̇ Crypt Edit ̇ Calculating Relative Criticality
̇ CrypSecure ̇ Test Dependencies
̇ Cryptlib ̇ Defect Tracking Tools: Bug Tracker Server
̇ Crypto++ Library ̇ Disk Replication Tools
 ̇ DNS Zone Transfer Testing Tools ̇ Motivation of a Firewall Bypass
̇ Network Auditing Tools ̇ Covert Channels Scope
̇ Trace Route Tools and Services ̇ Covert Channel: Attack Techniques
̇ Network Sniffing Tools ̇ Simple Covert Attacks
̇ Denial of Service Emulation Tools ̇ Advanced Covert Attacks
̇ Traditional Load Testing Tools ̇ Standard Direct Connection
̇ System Software Assessment Tools ̇ Reverse Shell (Reverse Telnet)
̇ Operating System Protection Tools ̇ Direct Attack Example
̇ Fingerprinting Tools ̇ In-Direct Attack Example
̇ Port Scanning Tools ̇ Reverse Connecting Agents
̇ Directory and File Access Control Tools ̇ Covert Channel Attack Tools
̇ File Share Scanning Tools ̇ Covert Channel Hacking Tool: Active Port Forwarder
̇ Password Directories ̇ Covert Channel Hacking Tools
̇ Password Guessing Tools ̇ Hydan
̇ Link Checking Tools
̇
Module 28: Writing Virus Codes
̇
Web-Testing Based Scripting tools
̇ Introduction of Virus
̇
Buffer Overflow protection Tools
̇ Types of Viruses
̇
File Encryption Tools
̇ Symptoms of a Virus Attack
̇
Database Assessment Tools
̇ Prerequisites for Writing Viruses
̇
Keyboard Logging and Screen Reordering Tools
̇ Required Tools and Utilities
̇
System Event Logging and Reviewing Tools
̇ Virus Infection Flow Chart
̇
Tripwire and Checksum Tools
̇ Components of Viruses
̇
Mobile-code Scanning Tools
̇ Testing Virus Codes
̇
Centralized Security Monitoring Tools
̇ Web Log Analysis Tools Tips for Better Virus Writing

̇ Forensic Data and Collection Tools Module 29: Assembly Language Tutorial
̇
̇
Security Assessment Tools
̇
Base 10 System
̇
Multiple OS Management Tools
̇
Base 2 System
̇
Phases of Penetration Testing
̇
Decimal 0 to 15 in Binary
̇
Pre-attack Phase
̇
Binary Addition (C stands for Canary)
̇
Best Practices
̇
Hexadecimal Number
̇
Results that can be Expected
̇
Hex Example
̇
Passive Reconnaissance
̇
Hex Conversion
̇
Active Reconnaissance
̇
nibble
̇
Attack Phase
̇
Computer memory
̇
Post Attack Phase and Activities
̇
Characters Coding
̇
Penetration Testing Deliverables Templates
ASCII and UNICODE
Module 27: Covert Hacking ̇ CPU

̇ ̇ Machine Language
̇
Insider Attacks
̇ Compilers
̇
What is Covert Channel?
̇ Clock Cycle
̇
Security Breach
̇ Original Registers
̇
Why Do You Want to Use Covert Channel?
Instruction Pointer
̇ Pentium Processor ̇ The Stack Usage
̇ Interrupts ̇ The CALL and RET Instructions
̇ Interrupt handler ̇ General subprogram form
̇ External interrupts and Internal interrupts ̇ Local variables on the stack
̇ Handlers ̇ General subprogram form with local variables
̇ Machine Language ̇ Multi-module program
̇ Assembly Language ̇ Saving registers
̇ Assembler ̇ Labels of functions
̇ Assembly Language Vs High-level Language ̇ Calculating addresses of local variables
̇ Assembly Language Compilers
̇
Module 30: Exploit Writing
̇
Instruction operands
̇ Exploits Overview
̇
MOV instruction
̇ Prerequisites for Writing Exploits and Shellcodes
̇
ADD instruction
̇ Purpose of Exploit Writing
̇
SUB instruction
̇ Types of Exploits
̇
INC and DEC instructions
̇ Stack Overflow
̇
Directive
̇ Heap Corruption
̇
preprocessor
̇ The Proof-of-Concept and Commercial Grade Exploit
̇
equ directive
̇ %define directive Converting a Proof of Concept Exploit to Commercial

̇
Grade Exploit
̇
Data directives
̇
Attack Methodologies
̇
Labels
̇
Socket Binding Exploits
̇
Input and output
̇
Tools for Exploit Writing
̇
C Interface
̇
Steps for Writing an Exploit
̇
Call
̇
Differences Between Windows and Linux Exploits
̇
Creating a Program
̇
Shellcodes
̇
Why should anyone learn assembly at all?
̇
NULL Byte
̇
Assembling the code
̇
Types of Shellcodes
̇
Compiling the C code
̇
Tools Used for Shellcode Development
̇
Linking the object files
̇
Steps for Writing a Shellcode
̇
Understanding an assembly listing file
̇
Issues Involved With Shellcode Writing
Big and Little Endian Representation
̇ Skeleton File Module 31: Smashing the Stack for Fun and Profit
̇ Working with Integers ̇
̇
What is a Buffer?
Signed integers ̇
̇
Static Vs Dynamic Variables
Signed Magnitude ̇
̇
Stack Buffers
Two’s Compliment ̇
̇
Data Region
If statements ̇
̇
Memory Process Regions
Do while loops ̇
̇
What Is A Stack?
Indirect addressing ̇
̇
Why Do We Use A Stack?
Subprogram ̇
̇
The Stack Region
The Stack ̇
̇
Stack frame
The SS segment ̇
̇
Stack pointer
ESP ̇ Procedure Call (Procedure Prolog)
 ̇ Compiling the code to assembly ̇ Offset Address
̇ Call Statement ̇ The Query
̇ Return Address (RET) ̇ Finding jmp esp
̇ Word Size ̇ Debug.exe
̇ Stack ̇ listdlls.exe
̇ Buffer Overflows ̇ Msvcrt.dll
̇ Error ̇ Out.sql
̇ Why do we get a segmentation violation? ̇ The payload
̇ Segmentation Error ̇ ESP
̇ Instruction Jump ̇ Limited Space
̇ Guess Key Parameters ̇ Getting Windows API/function absolute address
̇ Calculation ̇ Memory Address
̇ Shell Code ̇ Other Addresses
̇ The code in Assembly ̇ Compile the program
̇ JMP ̇ Final Code
̇ Code using indexed addressing
̇
Module 33: Reverse Engineering
̇
Offset calculation
̇ Positive Applications of Reverse Engineering
̇
shellcodeasm.c
̇ Ethical Reverse Engineering
̇
testsc.c
̇ World War Case Study
̇
Compile the code
̇ DMCA Act
̇
NULL byte
̇ What is Disassembler?
̇
shellcodeasm2.c
̇ Why do you need to decompile?
̇
testsc2.c
̇ Professional Disassembler Tools
̇
Writing an Exploit
̇ Tool: IDA Pro
̇
overflow1.c
̇ Convert Machine Code to Assembly Code
̇
Compiling the code
̇ Decompilers
̇
sp.c
̇ Program Obfuscation
̇
vulnerable.c
̇ Convert Assembly Code to C++ code
̇
NOPs
Machine Decompilers
Module 32: Windows Based Buffer Overflow Exploit ̇ Tool: dcc
̇
Writing
Machine Code of compute.exe Prorgam
̇ Buffer Overflow ̇ Assembly Code of compute.exe Program
̇ Stack overflow ̇ Code Produced by the dcc Decompiler in C
̇ Writing Windows Based Exploits ̇ Tool: Boomerang
̇ Exploiting stack based buffer overflow ̇ What Boomerang Can Do?
̇ OpenDataSource Buffer Overflow Vulnerability ̇ Andromeda Decompiler
Details ̇
̇
Tool: REC Decompiler
Simple Proof of Concept ̇
̇
Tool: EXE To C Decompiler
Windbg.exe ̇
̇
Delphi Decompilers
Analysis ̇
̇
Tools for Decompiling .NET Applications
EIP Register ̇
̇
Salamander .NET Decompiler
Execution Flow ̇
̇
Tool: LSW DotNet-Reflection-Browser
But where can we jump to?
 ̇ Tool: Reflector ̇ Eigrp-tool
̇ Tool: Spices NET.Decompiler ̇ Tool: Zebra
̇ Tool: Decompilers.NET ̇ Tool: Yersinia for HSRP, CDP, and other layer 2
̇ .NET Obfuscator and .NET Obfuscation attacks
̇ Java Bytecode Decompilers ̇ Tool: Cisco Torch
̇ Tools ̇ Monitoring SMTP(port25) Using SLcheck
̇ Python Decompilers ̇ Monitoring HTTP(port 80)
̇ Reverse Engineering Tutorial ̇ Cable Modem Hacking
̇ OllyDbg Debugger
̇
Module 36: Hacking Mobile Phones, PDA and Handheld
How Does OllyDbg Work? Devices
̇
̇
Debugging a Simple Console Application
Different OS in Mobile Phone
Module 34: MAC OS X Hacking ̇ Different OS Structure in Mobile Phone

̇ ̇ Evolution of Mobile Threat

̇
Introduction to MAC OS
̇ Threats
̇
Vulnerabilities in MAC
̇ What Can A Hacker Do
̇
How a Malformed Installer Package Can Crack Mac
OS X Vulnerabilities in Different Mobile Phones
̇ Worm and Viruses in MAC ̇ Malware
̇ Anti-Viruses in MAC ̇ Spyware
̇ Mac Security Tools ̇ Blackberry
̇ Countermeasures ̇ PDA
̇ iPod
̇
Module 35: Hacking Routers, cable Modems and
Mobile: Is It a Breach to Enterprise Security?
̇
Firewalls
̇
Viruses
Network Devices ̇
̇
Antivirus
Identifying a Router ̇
̇
Security Tools
SING: Tool for Identifying the Router ̇
̇
Defending Cell Phones and PDAs Against Attack
HTTP Configuration Arbitrary Administrative Access ̇ Mobile Phone Security Tips
Vulnerability
̇ ADMsnmp Module 37: Bluetooth Hacking
̇ Solarwinds MIB Browser ̇ Bluetooth Introduction
̇ Brute-Forcing Login Services ̇ Security Issues in Bluetooth
̇ Hydra ̇ Security Attacks in Bluetooth Devices
̇ Analyzing the Router Config ̇ Bluetooth hacking tools
̇ Cracking the Enable Password ̇ Bluetooth Viruses and Worms
̇ Tool: Cain and Abel ̇ Bluetooth Security tools
̇ Implications of a Router Attack ̇ Countermeasures
̇ Types of Router Attacks
̇
Module 38: VoIP Hacking
Router Attack Topology
̇ Denial of Service (DoS) Attacks ̇ What is VoIP
̇ Packet “Mistreating” Attacks ̇ VoIP Hacking Steps
̇ Routing Table Poisoning ̇ Footprinting
̇ Hit-and-run Attacks vs. Persistent Attacks ̇ Scanning
̇ Cisco Router ̇ Enumeration
 ̇ REGISTER Username Enumeration ̇ How Spamming is performed
̇ INVITE Username Enumeration ̇ Spammer: Statistics
̇ OPTIONS Username Enumeration ̇ Worsen ISP: Statistics
̇ Automated OPTIONS Scanning with sipsak ̇ Top Spam Effected Countries: Statistics
̇ Automated REGISTER, INVITE and OPTIONS ̇ Types of Spam Attacks
Scanning with SIPSCAN against SIP server ̇ Spamming Tools
̇ Automated OPTIONS Scanning Using SIPSCAN ̇ Anti-Spam Techniques
against SIP Phones ̇
̇
Anti- Spamming Tools
Steps to Exploit the Network ̇
̇
Countermeasures
How to Insert Rogue Application
̇ SIP Rogue Application Module 41: Hacking USB Devices
̇ Listening to/Recording Calls ̇ Introduction to USB Devices
̇ Replacing/Mixing Audio ̇ Electrical Attack
̇ Dropping Calls with a Rogue SIP Proxy ̇ Software Attack
̇ Randomly Redirect Calls with a Rogue SIP Proxy ̇ USB Attack on Windows
̇ Additional Attacks with a Rogue SIP Proxy ̇ Viruses and Worms
̇ Why Fuzzing ̇ Hacking Tools
̇ Commercial VoIP Fuzzing tools ̇ USB Security Tools
̇ Registration Removal with erase_registrations Tool ̇ Countermeasures
̇ Registration Addition with add_registrations Tool
̇
Module 42: Hacking Database Servers
̇
Covering Tracks
Hacking Database server: Introduction
Module 39: RFID Hacking ̇ Hacking Oracle Database Server
̇ RFID- Definition ̇ Hacking SQL Server
̇ Components of RFID Systems ̇ Security Tools
̇ RFID Collisions ̇ SQL Server Security Best Practices: Administrator
̇ RFID Risks Checklist
̇ Hazards of Electromagnetic Radiation ̇ SQL Server Security Best Practices: Developer
̇ Computer Network Attacks Checklist

̇ RFID and Privacy Issues Module 43: Cyber Warfare- Hacking, Al-Qaida and
̇ Countermeasures Terrorism
̇ RFID Security and Privacy Threats ̇
̇
Cyber Terrorism Over Internet
Protection Against RFID Attacks ̇
̇
Cyber-Warfare Attacks
RFID Guardian ̇
̇
45 Muslim Doctors Planned US Terror Raids
RFID Malware ̇
̇
Net Attack
RFID Exploits ̇
̇
Al-Qaeda
Vulnerabilities in RFID-enabled Credit Cards ̇
̇
Why Terrorists Use Cyber Techniques
RFID Hacking Tool: RFDump ̇
̇
Cyber Support to Terrorist Operations
RFID Security Controls ̇
̇
Planning
RFID Security ̇ Recruitment
Module 40: Spamming ̇ Research
̇
̇
Propaganda
̇
Introduction
̇
Propaganda: Hizballah Website
Techniques used by Spammers
 ̇ Cyber Threat to the Military ̇ Internet Relay Chat
̇ Russia ‘hired botnets’ for Estonia Cyber-War ̇ Pros and Cons of Internet Relay Chat
̇ NATO Threatens War with Russia ̇ Electronic Commerce
̇ Bush on Cyber War: ‘a subject I can learn a lot ̇ Internet Privacy Tools: Anonymizers
about’ ̇ Anonymizer Anonymous Surfing
̇ E.U. Urged to Launch Coordinated Effort Against ̇ Anonymizer Total Net Shield
Cybercrime ̇
̇
Anonymizer Nyms
Budget: Eye on Cyber-Terrorism Attacks ̇
̇
Anonymizer Anti-Spyware
Cyber Terror Threat is Growing, Says Reid ̇
̇
Anonymizer Digital Shredder Lite
Terror Web 2.0 ̇
̇
Steganos Internet Anonym
Table 1: How Websites Support Objectives of ̇ Invisible IP Map
̇
terrorist/Extremist Groups
̇
NetConceal Anonymity Shield
̇
Electronic Jihad
̇
Anonymous Guest
̇
Electronic Jihad' App Offers Cyber Terrorism for the
ViewShield
̇
Masses
̇
IP Hider
̇
Cyber Jihad – Cyber Firesale
̇
Mask Surf Standard
̇
http://internet-haganah.com/haganah/
VIP Anonymity
Module 44: Internet Content Filtering Techniques ̇ SmartHide
̇ Introduction to Internet Filter ̇ Anonymity Gateway
̇ Key Features of Internet Filters ̇ Hide My IP
̇ Pros and Cons of Internet Filters ̇ Claros Anonymity
̇ Internet Content Filtering Tools ̇ Max Internet Optimizer
̇ iProtectYou ̇ Hotspot Shield
̇ Tools ̇ Anonymous Browsing Toolbar
̇ Net Nanny ̇ Invisible Browsing
̇ CyberSieve ̇ Real Time Cleaner
̇ BSafe Internet Filter ̇ Anonymous Web Surfing
̇ Tools ̇ Anonymous Friend
̇ Internet Safety Guidelines for Children ̇ Easy Hide IP
̇ Internet Privacy Tools: Firewall Tools
̇
Module 45: Privacy on the Internet
Internet Privacy Tools: Others
̇ Internet privacy ̇ Privacy Eraser
̇ Proxy privacy ̇ CookieCop
̇ Spyware privacy ̇ Cookiepal
̇ Email privacy ̇ Historykill
̇ Cookies ̇ Tracks eraser
̇ Examining Information in Cookies ̇ Best Practices
̇ How Internet Cookies Work ̇ Protecting Search Privacy
̇ How Google Stores Personal Information ̇ Tips for Internet Privacy
̇ Google Privacy Policy ̇ Counter measures
̇ Web Browsers
̇
Module 46: Securing Laptop Computers
Web Bugs
̇ Downloading Freeware ̇ Statistics for Stolen and Recovered Laptops
 ̇ Statistics on Security Module 49: Creating Security Policies
̇ Percentage of Organizations Following the Security ̇ Security policies
̇
Measures
̇
Key Elements of Security Policy
̇
Laptop threats
̇
Defining the Purpose and Goals of Security Policy
̇
Laptop Theft
̇
Role of Security Policy
̇
Fingerprint Reader
̇
Classification of Security Policy
̇
Protecting Laptops Through Face Recognition
̇
Design of Security Policy
̇
Bluetooth in Laptops
̇
Contents of Security Policy
̇
Tools
̇
Configurations of Security Policy
̇
Securing from Physical Laptop Thefts
̇
Implementing Security Policies
̇
Hardware Security for Laptops
̇
Types of Security Policies
̇
Protecting the Sensitive Data
̇
Promiscuous Policy
̇
Preventing Laptop Communications from Wireless
Permissive Policy
̇
Threats
̇
Prudent Policy
̇
Protecting the Stolen Laptops from Being Used
̇
Paranoid Policy
̇
Security Tips
Acceptable-Use Policy
̇ User-Account Policy
̇ Remote-Access Policy
̇
Module 47: Spying Technologies
̇
Information-Protection Policy
̇
Spying
̇
Firewall-Management Policy
̇
Motives of Spying
̇
Special-Access Policy
̇
Spying Devices
̇
Network-Connection Policy
̇
Spying Tools
̇
Business-Partner Policy
̇
Anti-Spying Tools
Other Important Policies
Module 48: Corporate Espionage- Hacking Using ̇ Policy Statements
Insiders ̇ Basic Document Set of Information Security Policies
̇ Introduction To Corporate Espionage ̇ E-mail Security Policy
̇ Information Corporate Spies Seek ̇ Best Practices for Creating E-mail Security Policies
̇ Insider Threat ̇ User Identification and Passwords Policy
̇ Different Categories of Insider Threat ̇ Software Security Policy
̇ Privileged Access ̇ Software License Policy
̇ Driving Force behind Insider Attack ̇ Points to Remember While Writing a Security Policy
̇ Common Attacks carried out by Insiders ̇ Sample Policies
̇ Techniques Used for Corporate Espionage ̇ Remote Access Policy
̇ Process of Hacking ̇ Wireless Security Policy
̇ Former Forbes Employee Pleads Guilty ̇ E-mail Security Policy
̇ Former Employees Abet Stealing Trade Secrets ̇ E-mail and Internet Usage Policies
̇ California Man Sentenced For Hacking ̇ Personal Computer Acceptable Use Policy
̇ Federal Employee Sentenced for Hacking ̇ Firewall Management policy
̇ Facts ̇ Internet Acceptable Use Policy
̇ Key Findings from U.S Secret Service and CERT ̇ User Identification and Password Policy
Coordination Center/SEI study on Insider Threat ̇ Software License Policy
̇ Tools
Module 50: Software Piracy and Warez ̇ Stealing Online Game Passwords

̇ Software Activation: Introduction ̇ Stealing Online Game Passwords: Social

̇
Engineering and Phishing
̇
Process of Software Activation
̇
Online Gaming Malware from 1997-2007
̇
Piracy
̇
Best Practices for Secure Online Gaming
̇
Piracy Over Internet
̇
Tips for Secure Online Gaming
Abusive Copies
̇ Pirated Copies Module 52: Hacking RSS and Atom
̇ Cracked Copies ̇
̇
Introduction
Impacts of piracy ̇
̇
Areas Where RSS and Atom is Used
Software Piracy Rate in 2006 ̇
̇
Building a Feed Aggregator
Piracy Blocking ̇
̇
Routing Feeds to the Email Inbox
Software Copy Protection Backgrounders ̇
̇
Monitoring the Server with Feeds
CD Key Numbers ̇
̇
Tracking Changes in Open Source Projects
Dongles ̇
̇
Risks by Zone
Media Limited Installations ̇
̇
Reader Specific Risks
Protected Media ̇
̇
Utilizing the Web Feeds Vulnerabilities
Hidden Serial Numbers ̇
̇
Example for Attacker to Attack the Feeds
Digital Right Management (DRM) ̇
̇
Tools
Copy protection for DVD
̇ Warez
̇ Warez Module 53: Hacking Web Browsers (Firefox, IE)
̇
̇
Types of Warez
̇
Introduction
̇
Warez Distribution
̇
How Web Browsers Work
̇
Distribution Methods
̇
How Web Browsers Access HTML Documents
̇
Tool: Crypkey
̇
Protocols for an URL
̇
Tool: EnTrial
̇
Hacking Firefox
̇
EnTrial Tool: Distribution File
̇
Firefox Security
̇
EnTrial Tool: Product & Package Initialization Dialog
̇
Hacking Internet Explorer
̇
EnTrial Tool: Add Package GUI
̇
Internet Explorer Security
̇
Tool: DF_ProtectionKit
̇
Hacking Opera
̇
Tool: Crack Killer
̇
Security Features of Opera
̇
Tool: Logic Protect
̇
Hacking Safari
̇
Tool: Software License Manager
̇
Securing Safari
̇
Tool: Quick License Manager
̇
Hacking Netscape
̇
Tool: WTM CD Protect
Securing Netscape
Module 51: Hacking and Cheating Online Games
Module 54: Proxy Server Technologies
̇
̇
Online Games: Introduction
̇
Introduction: Proxy Server
̇
Basics of Game Hacking
̇
Working of Proxy Server
̇
Threats in Online Gaming
̇
Types of Proxy Server
̇
Cheating in Online Computer Games
̇
Socks Proxy
̇
Types of Exploits
̇
Free Proxy Servers
̇
Example of popular game exploits
Use of Proxies for Attack
 ̇ Tools ̇ Tool: GPS NMEA LOG
̇ How Does MultiProxy Work ̇ Tool: GPS Diagnostic
̇ TOR Proxy Chaining Software ̇ Tool: RECSIM III
̇ TOR Proxy Chaining Software ̇ Tool: G7toWin
̇ AnalogX Proxy ̇ Tool: G7toCE
̇ NetProxy ̇ Tool: GPS Security Guard
̇ Proxy+ ̇ GPS Security Guard Functions
̇ ProxySwitcher Lite ̇ UberTracker
̇ Tool: JAP
̇
Module 57: Computer Forensics and Incident Handling
̇
Proxomitron
̇ Computer Forensics
̇
SSL Proxy Tool
̇ Incident Handling
̇
How to Run SSL Proxy
Incident Management
Module 55: Data Loss Prevention ̇ Why don’t Organizations Report Computer Crimes
̇ Introduction: Data Loss ̇ Estimating Cost of an Incident
̇ Causes of Data Loss ̇ Whom to Report an Incident
̇ How to Prevent Data Loss ̇ Incident Reporting
̇ Impact Assessment for Data Loss Prevention ̇ Vulnerability Resources
̇ Tools ̇ What is CSIRT

Module 58: Credit Card Frauds

Module 56: Hacking Global Positioning System (GPS) ̇ E-Crime

̇
̇
Statistics
̇
Geographical Positioning System (GPS)
̇
Credit Card
̇
Terminologies
̇
Credit Card Generators
̇
GPS Devices Manufacturers
̇
Credit Card Fraud Detection
̇
Gpsd-GPS Service Daemon
̇
Best Practices: Ways to Protect Your Credit Cards
Sharing Waypoints
̇ Wardriving Module 59: How to Steal Passwords
̇ Areas of Concern ̇
̇
Password Stealing
Sources of GPS Signal Errors ̇
̇
How to Steal Passwords
Methods to Mitigate Signal Loss ̇
̇
Password Stealing Techniques
GPS Secrets ̇
̇
Password Stealing Trojans
GPS Hidden Secrets ̇
̇
Password Stealing Tools
Secret Startup Commands in Garmin ̇
̇
Recommendations for Improving Password Security
Hard Reset/ Soft Reset ̇
̇
Best Practices
Firmware Hacking
̇ Firmware Module 60: Firewall Technologies
̇ Hacking GPS Firmware: Bypassing the Garmin ̇ Firewalls: Introduction
eTrex Vista Startup Screen ̇ Hardware Firewalls
̇ Hacking GPS Firmware: Bypassing the Garmin ̇ Software Firewalls
eTrex Legend Startup Screen ̇
̇
Windows Firewalls
Hacking GPS Firmware: Bypassing the Garmin ̇ Linux Firewalls
̇
eTrex Venture Startup Screen
̇
Mac OS X Firewalls
GPS Tools
Module 61: Threats and Countermeasures ̇ Log On as a Service

̇ ̇ Manage Auditing and Security Log

̇
Domain Level Policies
̇ Modify Firmware Environment Values
̇
Enforce Password History
̇ Perform Volume Maintenance Tasks
̇
Maximum Password Age
̇ Profile Single Process
̇
Minimum Password Length
̇ Profile System Performance
̇
Store Password using Reversible Encryption for all
Users in the Domain Account Lockout Duration Remove Computer from Docking Station
̇ Account Lockout Threshold ̇ Replace a Process Level Token
̇ Reset Account Lockout Counter After ̇ Restore Files and Directories
̇ Enforce User Logon Restrictions ̇ Shut Down the System
̇ Maximum Lifetime for Service Ticket ̇ Synchronize Directory Service Data
̇ Maximum Tolerance for Computer Clock ̇ Take Ownership of Files or Other Objects
Synchronization ̇ Security Options
̇ Audit Policy ̇ Accounts: Administrator Account Status
̇ User Rights ̇ Audit: Audit the Access of Global System Objects
̇ Access this Computer from the Network ̇ DCOM: Machine Access/Launch Restrictions in
̇ Act as Part of the Operating System Security Descriptor Definition Language (SDDL)
̇ Add Workstations to Domain ̇ DCOM: Machine Access/Launch Restrictions in
̇ Security Descriptor Definition Language (SDDL)
̇
Adjust Memory Quotas for a Process
̇ Devices: Allow Undock without having to Log On
̇
Allow Log On Locally
̇ Allow Log On through Terminal Services Devices: Allowed to Format and Eject Removable

̇
Media
̇
Back Up Files and Directories
̇
Devices: Prevent Users from Installing Printer
Bypass Traverse Checking
̇
Drivers
̇
Change the System Time
̇
Devices: Restrict CD-ROM/Floppy Access to Locally
Create a Page File
̇
Logged-on User Only
Create a Token Object ̇
̇
Devices: Restrict CD-ROM Access to Locally
Create Global Objects Logged-on User Only
̇ Create Permanent Shared Objects ̇ Devices: Unsigned Driver Installation Behavior
̇ Debug Programs ̇ Domain Controller: Allow Server Operators to
̇ Deny Access to this Computer from the Network Schedule Tasks
̇ Deny Log On as a Batch Job ̇ Domain Controller: LDAP Server Signing
̇ Deny Log On as a Service Requirements
̇ Deny Log On Locally ̇ Domain Controller: Refuse Machine Account
̇ Password Changes
̇
Deny Log On through Terminal Services
̇ Enable Computer and User Accounts to be Trusted Domain Member: Digitally Encrypt or Sign Secure
Channel Data
̇
for Delegation
̇ Force Shutdown from a Remote System Domain Member: Disable Machine Account

̇
Password Changes
̇
Generate Security Audits
̇
Domain Member: Maximum Machine Account
Impersonate a Client after Authentication
̇
Password Age
̇
Increase Scheduling Priority
̇
Domain Member: Require Strong (Windows 2000 or
Load and Unload Device Drivers
̇
Later) Session Key
Lock Pages in Memory ̇
̇
Interactive Logon: Do Not Display Last User Name
Log On as a Batch Job ̇ Interactive Logon: Do Not Require CTRL+ALT+DEL
̇ Interactive Logon: Message Text for Users ̇ Network Security: Minimum Session Security for
Attempting to Log On NTLM SSP based (Including Secure RPC)
̇ Interactive Logon: Number of Previous Logons to Clients/Servers
Cache ̇ Network Security: Minimum Session Security for
̇ Interactive Logon: Prompt User to Change Password NTLM SSP based (Including Secure RPC) Clients
before Expiration ̇ Recovery Console: Allow Automatic Administrative
̇ Interactive Logon: Require Domain Controller Logon
Authentication to Unlock Workstation ̇ Recovery Console: Allow Floppy Copy and Access to
̇ Interactive Logon: Require Smart Card all Drives and all Folders
̇ Interactive Logon: Smart Card Removal Behavior ̇ Shutdown: Allow System to be Shut Down Without
̇ Having to Log On
̇
Microsoft Network Client and Server: Digitally Sign
Communications (Four Related Settings) Shutdown: Clear Virtual Memory Page File
̇ Microsoft Network Client: Send Unencrypted ̇ System Cryptography: Force Strong Key Protection
Password to Third-party SMB Servers for User Keys Stored on the Computer
̇ Microsoft Network Server: Amount of Idle Time ̇ System Cryptography: Use FIPS Compliant
Required before Suspending Session Algorithms for Encryption, Hashing, and Signing
̇ Microsoft Network Server: Disconnect Clients when ̇ System Objects: Default Owner for Objects Created
Logon Hours Expire by Members of the Administrators Group
̇ Network Access: Allow Anonymous SID/Name ̇ System Objects: Require Case Insensitivity for Non-
Translation Windows Subsystems
̇ Network Access: Do Not Allow Anonymous ̇ System Objects: Strengthen Default Permissions of
Enumeration of SAM Accounts Internal System Objects
̇ Network Access: Do Not Allow Storage of ̇ System Settings: Use Certificate Rules on Windows
Credentials or .NET Passports for Network Executables for Software Restriction Policies
Authentication ̇ Event Log
̇ Network Access: Let Everyone Permissions Apply to ̇ System Services
Anonymous Users ̇ Services Overview
̇ Network Access: Named Pipes that can be Accessed ̇ Do Not Set Permissions on Service Objects
Anonymously ̇
̇
Manually Editing Security Templates
Network Access: Remotely Accessible Registry ̇ System Services - Alerter
̇
Paths
̇
Application Experience Lookup Service
̇
Network Access: Remotely Accessible Registry
Application Layer Gateway Service
̇
Paths and Sub-paths
̇
Application Management
̇
Network Access: Restrict Anonymous Access to
ASP .NET State Service
̇
Named Pipes and Shares
̇ Automatic Updates
̇
Network Access: Shares that can be Accessed
Anonymously Background Intelligent Transfer Service (BITS)
̇ Network Access: Sharing and Security Model for ̇ Certificate Services
Local Accounts ̇ Client Service for NetWare
̇ Network Security: Do Not Store LAN Manager Hash ̇ ClipBook
Value on Next Password Change ̇ Cluster Service
̇ Network Security: Force Logoff when Logon Hours ̇ COM+ Event System
Expire ̇
̇
COM+ System Application
Network Security: LAN Manager Authentication Level ̇
̇
Computer Browser
Network Security: LDAP Client Signing ̇ Cryptographic Services
̇
Requirements
DCOM Server Process Launcher
̇ DHCP Client ̇ Network Location Awareness (NLA)
̇ DHCP Server ̇ Network Provisioning Service
̇ Distributed File System ̇ Network News Transfer Protocol (NNTP)
̇ Distributed Link Tracking Client ̇ NTLM Security Support Provider
̇ Distributed Link Tracking Server ̇ Performance Logs and Alerts
̇ Distributed Transaction Coordinator ̇ Plug and Play
̇ DNS Client ̇ Portable Media Serial Number
̇ DNS Server ̇ Print Server for Macintosh
̇ Error Reporting Service ̇ Print Spooler
̇ Event Log ̇ Protected Storage
̇ Fast User Switching Compatibility ̇ QoS RSVP Service
̇ Fax Service ̇ Remote Access Auto Connection Manager
̇ File Replication ̇ Remote Administration Service
̇ File Server for Macintosh ̇ Help Session Manager
̇ FTP Publishing Service ̇ Remote Installation
̇ Help and Support ̇ Removable Storage
̇ HTTP SSL ̇ Resultant Set of Policy Provider
̇ Human Interface Device Access ̇ Routing and Remote Access
̇ IAS Jet Database Access ̇ SAP Agent
̇ IIS Admin Service ̇ Secondary Logon
̇ IMAPI CD-Burning COM Service ̇ Security Accounts Manager
̇ Indexing Service ̇ Security Center
̇ Infrared Monitor ̇ Server
̇ Internet Authentication Service ̇ Shell Hardware Detection
̇ Intersite Messaging ̇ Simple Mail Transport Protocol (SMTP)
̇ IP Version 6 Helper Service ̇ Simple TCP/IP Services
̇ IPSec Policy Agent (IPSec Service) ̇ Smart Card
̇ IPSec Services ̇ Special Administration Console Helper
̇ Kerberos Key Distribution Center ̇ System Event Notification
̇ License Logging Service ̇ System Restore Service
̇ Logical Disk Manager ̇ Task Scheduler
̇ Machine Debug Manager ̇ TCP/IP NetBIOS Helper Service
̇ Message Queuing ̇ TCP/IP Print Server
̇ Microsoft POP3 Service ̇ Telnet
̇ Microsoft Software Shadow Copy Provider ̇ Terminal Services
̇ MSSQL$UDDI ̇ Trivial FTP Daemon
̇ MSSQLServerADHelper ̇ Uninterruptible Power Supply
̇ .NET Framework Support Service ̇ Upload Manager
̇ Net Logon ̇ Virtual Disk Service
̇ NetMeeting Remote Desktop Sharing ̇ WebClient
̇ Network Connections ̇ Web Element Manager
̇ Network DDE ̇ Windows Firewall /Internet Connection Sharing
̇ Network DDE DSDM ̇ WinHTTP Web Proxy Auto-Discovery Service
̇ Wireless Configuration ̇ Restrict File Download
̇ Workstation ̇ Network Protocol Lockdown
̇ World Wide Web Publishing Service ̇ Internet Information Services
̇ Software Restriction Policies ̇ Prevent IIS Installation
̇ The Threat of Malicious Software ̇ Terminal Services
̇ Windows XP and Windows Server 2003 ̇ Deny Log Off of an Administrator Logged in to the
Administrative Templates Console Session
̇ Computer Configuration Settings ̇ Do Not Allow Local Administrators to Customize
̇ NetMeeting Permissions
̇ Disable Remote Desktop Sharing ̇ Sets Rules for Remote Control of Terminal Services
̇ User Sessions
̇
Internet Explorer Computer Settings
̇ Client/Server Data Redirection
̇
Disable Automatic Install of Internet Explorer
Components Allow Time Zone Redirection
̇ Disable Periodic Check for Internet Explorer ̇ Do Not Allow COM Port Redirection
Software Updates ̇ Do Not Allow Client Printer Redirection
̇ Disable Software Update Shell Notifications on ̇ Do Not Allow LPT Port Redirection
Program Launch ̇ Do Not Allow Drive Redirection
̇ Make Proxy Settings Per-Machine (Rather than Per- ̇ Encryption and Security
User) ̇
̇
Set Client Connection Encryption Level
Security Zones: Do Not Allow Users to Add/Delete ̇ Always Prompt Client For A Password On
Sites
̇
Connection
Turn off Crash Detection ̇
̇
RPC Security Policy
Do Not Allow Users to Enable or Disable Add-ons ̇
̇
Secure Server (Require Security)
Internet Explorer\Internet Control Panel\Security ̇ Sessions
̇
Page
̇
Set Time Limit For Disconnected Sessions
̇
Internet Explorer\Internet Control Panel\Advanced
Allow Reconnection From Original Client Only
̇
Page
̇
Windows Explorer
̇
Allow Software to Run or Install Even if the Signature
Turn Off Shell Protocol Protected Mode
̇
is Invalid
̇ Windows Messenger
̇
Allow Active Content from CDs to Run on User
Machines Windows Update
̇ Allow Third-party Browser Extensions ̇ Configure Automatic Updates
̇ Check for Server Certificate Revocation ̇ Reschedule Automatic Updates Scheduled
̇ Installations
̇
Check for Signatures On Downloaded Programs
̇ System
̇
Do Not Save Encrypted Pages to Disk
̇ Turn off Autoplay
̇
Empty Temporary Internet Files Folder when
Browser is Closed Do Not Process The Run Once List
̇ Internet Explorer\Security Features ̇ Logon
̇ Binary Behavior Security Restriction ̇ Don't Display The Getting Started Welcome Screen
̇ At Logon
̇
MK Protocol Security Restriction
̇ Do Not Process The Legacy Run List
̇
Local Machine Zone Lockdown Security
̇ Group Policy
̇
Consistent MIME Handling
̇ Internet Explorer Maintenance Policy Processing
̇
MIME Sniffing Safety Features
̇ IP Security Policy Processing
̇
Scripted Window Security Restrictions
̇ Restrict ActiveX Install Registry Policy Processing
̇ Security Policy Processing ̇ Configure Automatic Reboot from System Crashes
̇ Error Reporting ̇ Enable Administrative Shares
̇ Display Error Notification ̇ Disable Saving of Dial-Up Passwords
̇ Report Errors ̇ Hide the Computer from Network Neighborhood
̇ Internet Communications Management Browse Lists: Hide Computer From the Browse List
̇ Distributed COM ̇ Configure Netbios Name Release Security: Allow the
̇ Browser Menus Computer to Ignore Netbios Name Release

̇
Requests Except from WINS Servers
̇
Disable Save This Program To Disk Option
̇
Enable Safe DLL Search Order: Enable Safe DLL
Attachment Manager
̇
Search Mode (Recommended)
̇
Inclusion List For High Risk File Types
̇
Security Log Near Capacity Warning: Percentage
Inclusion List For Moderate Risk File Types
̇
Threshold for the Security Event Log at which the
Inclusion List For Low File Types System will Generate a Warning
̇ Trust Logic For File Attachments ̇ Registry Entries Available In Windows XP With SP2
̇ Hide Mechanisms To Remove Zone Information And Windows Server 2003 With SP1
̇ Notify Antivirus Programs When Opening ̇ RunInvalidSignatures
Attachments ̇ Registry Entries Available in Windows XP with SP2
̇ Windows Explorer ̇ Security Center Registry Entries for XP
̇ Remove Security Tab ̇ StorageDevicePolicies\WriteProtect
̇ System\Power Management ̇ Registry Entries Available in Windows Server 2003
̇ Additional Registry Entries with SP1
̇ How to Modify the Security Configuration Editor User ̇ UseBasicAuth
Interface ̇ DisableBasicOverClearChannel
̇ TCP/IP-Related Registry Entries ̇ Additional Countermeasures
̇ Disableipsourcerouting: IP Source Routing ̇ Securing the Accounts
Protection Level (Protects Against Packet Spoofing) ̇
̇
NTFS
Enabledeadgwdetect: Allow Automatic Detection Of ̇ Data and Application Segmentation
̇
Dead Network Gateways (Could Lead To Dos)
̇
Configure SNMP Community Name
̇
Enableicmpredirect: Allow ICMP Redirects To
Disable NetBIOS and SMB on Public Facing
Override OSPF Generated Routes
̇
Interfaces
̇
Keepalivetime: How Often Keep-alive Packets Are
Disable Dr. Watson
̇
Sent In Milliseconds (300,000 Is Recommended)
̇
Configure IPsec Policies
̇
Synattackprotect: Syn Attack Protection Level
(Protects Against Dos) Configuring Windows Firewall

̇ Tcpmaxconnectresponseretransmissions: SYN-ACK Module 62: CaseStudies

Retransmissions When A Connection Request Is Not Module 63: Botnets
Acknowledged Module 64: Economic Espionage
̇ Tcpmaxdataretransmissions: How Many Times Module 65: Patch Management
Unacknowledged Data Is Retransmitted (3 Module 66: Security Convergence
Recommended, 5 Is Default) Module 67: Identifying the Terrorist
̇ Miscellaneous Registry Entries