CEH v7.1
INFO
Certified Ethical Hacker V7.1: Slides + Tools + Videos
http://www.fileserve.com/list/CQWXaYP
Mirror
http://www.filesonic.com/folder/14831575
In addition to the makeover, CEHv7 includes two additional bundles; a Monster Hacking Tool Repository, Codenamed Frankenstein and a subscription based Virtual Lab Environment codenamed iLabs.
Frankenstein
Frankenstein provides user with an ease for searching, downloading and installing the latest hacking and penetration testing tools. By using Frankenstein Version 1.0, users can check the release date of the tool, category under which it is published, probable size of the tool, name of the publisher/author, the website details and technical requirements for the tool to run. This will help all the Certified Members to keep themselves updated of tools released in the wild.
Benefits:
Repository of categorized latest tools.
User can download the tool in less time with comparison to manual search.
Helps the user to synchronize & manage the tools from the server.
Search specific tools from the available list of tools.
The system provides a means to generate a HTML report of all the tools downloaded by the user.
iLabs
The iLabs is a subscription based service that allows students to logon to a virtualized remote machine running Windows 2003 Server to perform various exercises featured in the CEHv7Lab Guide. All you need is a web browser to connect and start experimenting. The virtual machine setup reduces the time and effort spent by instructors and partners prior to the classroom engagement. It is a hassle free service available 24?X7 x number of days subscribed.
Benefits
Enables students to practice various hacking techniques in a real time and simulated environment.
The course tools and programs are preloaded on the iLabs machine thereby saving productive time and effort.
Key Features of CEH v7
Well organized DVD-ROM content; a repository of approximately 20GB of latest hacking and security tools and more than 1000 minutes of videos demonstrating hacking techniques.
Well organized content for a better understanding and learning experience.
Concepts are well-illustrated to create self-explanatory slides.
Diagrammatic representation of concepts and attacks.
Industry standard key tools are featured in detail and other tools are presented as a list for students to try.
Exclusive section for countermeasures against different attacks with detailed explanation of how to implement these countermeasures in real time environment.
The new version has complete section dedicated for penetration testing. It illustrates how to implement learned concepts to test network system security.
A result oriented, descriptive and analytical lab manual; the labs showcased in the courseware are tested against latest Operating Systems with all the patches and hot fixes applied.
Course Outline – Certified Ethical Hacker (CEH v7.1)
Module 00 – Student Introduction
Student Introduction
Course Materials
CEHv7 Course Outline
EC-Council Certification Program
Certified Ethical Hacker Track
CEHv7 Exam Information
Lab Sessions
What Does CEH Teach You?
What CEH is NOT?
Remember This!
CEH Class Speed
Live Hacking Website
Let's Start Hacking!
Module 01 – Introduction to Ethical Hacking
Module Flow: Info Security Overview
Security News
Case Study
Scenario: How Simple Things Can Get You into Trouble?
Internet Crime Current Report: IC3
Data Breach Investigations Report
Types of Data Stolen From the Organizations
Essential Terminologies
Elements of Information Security
Authenticity and Non-Repudiation
The Security, Functionality, and Usability Triangle
Security Challenges
Module Flow: Hacking Concepts
Effects of Hacking
Effects of Hacking on Business
Who is a Hacker?
Hacker Classes
Hacktivism
Module Flow: Hacking Phases
What Does a Hacker Do?
Phase 1 – Reconnaissance
Phase 2 – Scanning
Phase 3 – Gaining Access
Phase 4 – Maintaining Access
Phase 5 – Covering Tracks
Module Flow: Types of Attacks
Types of Attacks on a System
Operating System Attacks
Application-Level Attacks
Shrink Wrap Code Attacks
Misconfiguration Attacks
Module Flow: Ethical Hacking
Why Ethical Hacking is Necessary?
Defense in Depth
Scope and Limitations of Ethical Hacking
What Do Ethical Hackers Do?
Skills of an Ethical Hacker
Module Flow: Vulnerability Research
Vulnerability Research
Vulnerability Research Websites
Demo – Vulnerability Research Website
What is Penetration Testing?
Why Penetration Testing?
Penetration Testing Methodology
Quotes
Module 01 Review
Module 02 – Footprinting and Reconnaissance
Module Flow: Footprinting Concepts
Security News
Footprinting Terminologies
What is Footprinting?
Objectives of Footprinting
Module Flow: Footprinting Threats
Footprinting Threats
Module Flow: Footprinting Methodology
Footprinting Methodology: Internet Footprinting
Finding a Company’s URL
Locate Internal URLs
Public and Restricted Websites
Search for Company’s Information
Tools to Extract Company’s Data
Footprinting Through Search Engines
Demo – Footprinting Through Search Engines
Collect Location Information
Satellite Picture of a Residence
People Search
People Search Using http://pipl.com
People Search Online Services
Demo – People Search Using Online Services
People Search on Social Networking Services
Gather Information from Financial Services
Footprinting Through Job Sites
Monitoring Target Using Alerts
Footprinting Methodology: Competitive Intelligence
Competitive Intelligence Gathering
Competitive Intelligence – When Did this Company Begin? How Did it Develop?
Competitive Intelligence – What are the Company’s Plans?
Competitive Intelligence – What Expert Opinion Say About the Company?
Competitive Intelligence Tools
Competitive Intelligence Consulting Companies
Footprinting Methodology: WHOIS Footprinting
WHOIS Lookup
WHOIS Lookup Result Analysis
WHOIS Lookup Tools: SmartWhois
Demo – SmartWhois
WHOIS Lookup Tools
WHOIS Lookup Online Tools
Footprinting Methodology: DNS Footprinting
Extracting DNS Information
Demo – DNS Overview
DNS Interrogation Tools
DNS Interrogation Online Tools
Footprinting Methodology: Network Footprinting
Locate the Network Range
Traceroute
Traceroute Analysis
Traceroute Tool: 3D Traceroute
Traceroute Tool: LoriotPro
Traceroute Tool: Path Analyzer Pro
Traceroute Tools
Footprinting Methodology: Website Footprinting
Mirroring Entire Website
Demo – HTTrack and Website Watcher
Website Mirroring Tools
Mirroring Entire Website Tools
Extract Website Information from http://www.archive.org
Monitoring Web Updates Using Website Watcher
Footprinting Methodology: E-mail Footprinting
Tracking Email Communications
Email Tracking Tools
Demo – Tracking Emails with ReadNotify
Footprinting Methodology: Google Hacking
Footprint Using Google Hacking Techniques
What a Hacker Can Do With Google Hacking?
Google Advance Search Operators
Finding Resources using Google Advance Operator
Demo – Google Hacking
Google Hacking Tool: Google Hacking Database (GHDB)
Google Hacking Tools
Module Flow: Footprinting Tools
Additional Footprinting Tools
Module Flow: Footprinting Countermeasures
Footprinting Countermeasures
Module Flow: Footprinting Pen Testing
Footprinting Pen Testing
Quotes
Module 02 Summary
Module 03 – Scanning Networks
Scanning Networks
Security News
Network Scanning
Types of Scanning
CEH Scanning Methodology: Check for Live System
Checking for Live Systems – ICMP Scanning
Ping Sweep
Ping Sweep Tools
Demo – Angry IP
CEH Scanning Methodology: Check for Open Ports
Three-Way Handshake
TPC Communication Flags
Create Custom Packet using TCP Flags
Hping2/Hping3
Hping3 Screenshot
Hping Commands
Scanning Techniques
TCP Connect/Full Open Scan
Stealth Scan (Half-open Scan)
Xmas Scan
FIN Scan
NULL Scan
IDLE Scan
IDLE Scan: Step 1
IDLE Scan: Step 2.1 (Open Port)
IDLE Scan: Step 2.2 (Closed Port)
IDLE Scan: Step 3
ICMP Echo Scanning/List Scan
SYN/FIN Scanning Using IP Fragments
UDP Scanning
Inverse TCP Flag Scanning
ACK Flag Scanning
Scanning: IDS Evasion Techniques
IP Fragmentation Tools
Scanning Tool: Nmap
Nmap
Demo – Nmap
Scanning Tool: NetScan Tools Pro
Scanning Tools
Do Not Scan These IP Addresses
Scanning Countermeasures
War Dialing
Why War Dialing?
War Dialing Tools
War Dialing Countermeasures
War Dialing Countermeasures: SandTrap Tool
CEH Scanning Methodology: Banner Grabbing
OS Fingerprinting
Active Banner Grabbing Using Telnet
Demo – Banner Grabbing Using Telnet
Banner Grabbing Tool: ID Serve
GET REQUESTS
Banner Grabbing Tool: Netcraft
Demo – Footprinting Webservers Using Netcraft
Banner Grabbing Tools
Banner Grabbing Countermeasures: Disabling or Changing Banner
Hiding File Extensions
Hiding File Extensions from Webpages
CEH Scanning Methodology: Scan for Vulnerability
Vulnerability Scanning
Nessus: Screenshot
Demo – Vulnerability Scanning with Nessus
Vulnerability Scanning Tool: SAINT
GFI LANGuard
Network Vulnerability Scanners
CEH Scanning Methodology: Draw Network Diagrams
LANsurveyor
LANsurveyor: Screenshot
Network Mappers
CEH Scanning Methodology: Prepare Proxies
Proxy Servers
Why Attackers Use Proxy Servers?
Use of Proxies for Attack
How Does MultiProxy Work?
Free Proxy Servers
Proxy Workbench
Proxifier Tool: Create Chain of Proxy Servers
SocksChain
TOR (The Onion Routing)
TOR Proxy Chaining Software
HTTP Tunneling Techniques
Why do I Need HTTP Tunneling?
Super Network Tunnel Tool
Httptunnel for Windows
Additional HTTP Tunneling Tools
SSH Tunneling
SSL Proxy Tool
How to Run SSL Proxy?
Proxy Tools
Anonymizers
Types of Anonymizers
Case: Bloggers Write Text Backwards to Bypass Web Filters in China
Text Conversion to Avoid Filters
Censorship Circumvention Tool: Psiphon
How Psiphon Works?
Psiphon: Screenshot
How to Check if Your Website is Blocked in China or Not?
G-Zapper
Anonymizers (Cont.)
Spoofing IP Address
IP Spoofing Detection Techniques: Direct TTL Probes
IP Spoofing Detection Techniques: IP Identification Number
IP Spoofing Detection Techniques: TCP Flow Control Method
IP Spoofing Countermeasures
Scanning Penetration Testing
Scanning Pen Testing
Quotes
Module 03 Review
Module 04 – Enumeration
Module Flow: Enumeration Concepts
Security News
What is Enumeration?
Techniques of Enumeration
Module Flow: NetBIOS Enumeration
Netbios Enumeration
NetBIOS Enumeration Tool: SuperScan
Demo – Enumerating Users Using Null Sessions
NetBIOS Enumeration Tool: NetBIOS Enumerator
Enumerating User Accounts
Enumerate Systems Using Default Passwords
Module Flow: SNMP Enumeration
SNMP (Simple Network Management Protocol) Enumeration
Management Information Base (MIB)
SNMP Enumeration Tool: OpUtils Network Monitoring Toolset
SNMP Enumeration Tool: SolarWinds
Demo – SNMP Enumeration with Solar Winds
SNMP Enumeration Tools
Module Flow: UNIX/Linux Enumeration
UNIX/Linux Enumeration
Linux Enumeration Tool: Enum4linux
Module Flow: LDAP Enumeration
LDAP Enumeration
LDAP Enumeration Tool: JXplorer
LDAP Enumeration Tool
Module Flow: NTP Enumeration
NTP Enumeration
NTP Server Discovery Tool: NTP Server Scanner
NTP Server: PresenTense Time Server
NTP Enumeration Tools
Module Flow: SMTP Enumeration
SMTP Enumeration
SMTP Enumeration Tool: NetScanTools Pro
Module Flow: DNS Enumeration
DNS Zone Transfer Enumeration Using nslookup
Demo – Enumerating DNS Using nslookup
DNS Analyzing and Enumeration Tool: The Men & Mice Suite
Module Flow: Enumeration Countermeasures
Enumeration Countermeasures
SMB Enumeration Countermeasures
Module Flow: Enumeration Pen Testing
Enumeration Pen Testing
Quotes
Module 04 Review
Module 05 – System Hacking
System Hacking
Security News
Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM)
CEH System Hacking Steps: Cracking Passwords
Password Cracking
Password Complexity
Password Cracking Techniques
Demo – Password Cracking with Cain
Types of Password Attacks
Passive Online Attacks: Wire Sniffing
Password Sniffing
Passive Online Attack: Man-in-the-Middle and Replay Attack
Active Online Attack: Password Guessing
Active Online Attack: Trojan/Spyware/Keylogger
Active Online Attack: Hash Injection Attack
Rainbow Attacks: Pre-Computed Hash
Distributed Network Attack
Elcomsoft Distributed Password Recovery
Demo – Distributed Password Cracking with Elcomsoft
Non-Electronic Attacks
Demo – Spytector
Default Passwords
Manual Password Cracking (Guessing)
Automatic Password Cracking Algorithm
Stealing Passwords Using USB Drive
Microsoft Authentication
How Hash Passwords are Stored in Windows SAM?
What is LAN Manager Hash?
LM “Hash” Generation
LM, NTLMv1, and NTLMv2
NTLM Authentication Process
Kerberos Authentication
Salting
PWdump7 and Fgdump
L0phtCrack
Ophcrack
Cain & Abel
RainbowCrack
Password Cracking Tools
LM Hash Backward Compatibility
How to Disable LM HASH?
How to Defend against Password Cracking?
Implement and Enforce Strong Security Policy
CEH System Hacking Steps: Escalating Privileges
Privilege Escalation
Escalation of Privileges
Active@Password Changer
Privilege Escalation Tools
How to Defend against Privilege Escalation?
CEH System Hacking Steps: Executing Applications
Executing Applications
Alchemy Remote Executor
RemoteExec
Execute This!
Keylogger
Types of Keystroke Loggers
Acoustic/CAM Keylogger
Keylogger: Advanced Keylogger
Keylogger: Spytech SpyAgent
Keylogger: Perfect Keylogger
Keylogger: Powered Keylogger
Keylogger for Mac: Aobo Mac OS X KeyLogger
Keylogger for Mac: Perfect Keylogger for Mac
Hardware Keylogger: KeyGhost
Keyloggers
Spyware
What Does the Spyware Do?
Types of Spywares
Desktop Spyware
Desktop Spyware: Activity Monitor
Desktop Spyware (Cont.)
Email and Internet Spyware
Email and Internet Spyware: eBLASTER
Internet and E-mail Spyware
Child Monitoring Spyware
Child Monitoring Spyware: Advanced Parental Control
Child Monitoring Spyware (Cont.)
Screen Capturing Spyware
Screen Capturing Spyware: Spector Pro
Screen Capturing Spyware (Cont.)
USB Spyware
USB Spyware: USBDumper
USB Spyware (Cont.)
Audio Spyware
Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder
Video Spyware
Video Spyware: Net Video Spy
Video Spyware (Cont.)
Print Spyware
Print Spyware: Printer Activity Monitor
Print Spyware (Cont.)
Telephone/Cellphone Spyware
Cellphone Spyware: Mobile Spy
Telephone/Cellphone Spyware (Cont.)
GPS Spyware
GPS Spyware: GPS TrackMaker
GPS Spyware (Cont.)
How to Defend against Keyloggers?
Anti-Keylogger
Anti-Keylogger: Zemana AntiLogger
Anti-Keyloggers
How to Defend against Spyware?
Anti-Spyware: Spyware Doctor
Anti-Spywares
CEH System Hacking Steps: Hiding Files
Rootkits
Types of Rootkits
How Rootkit Works?
Rootkit: Fu
Demo – Fu Rootkit
Detecting Rootkits
Steps for Detecting Rootkits
How to Defend against Rootkits?
Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective
Anti-Rootkits
NTFS Data Stream
How to Create NTFS Streams?
NTFS Stream Manipulation
How to Defend against NTFS Streams?
Demo – Creating Alternate Data Streams
NTFS Stream Detector: ADS Scan Engine
NTFS Stream Detectors
What is Steganography?
Steganography Techniques
How Steganography Works?
Types of Steganography
Whitespace Steganography Tool: SNOW
Image Steganography
Image Steganography: Hermetic Stego
Image Steganography Tools
Document Steganography: wbStego
Document Steganography Tools
Video Steganography: Our Secret
Video Steganography Tools
Audio Steganography: Mp3stegz
Audio Steganography Tools
Folder Steganography: Invisible Secrets 4
Demo – Steganography
Folder Steganography Tools
Spam/Email Steganography: Spam Mimic
Natural Text Steganography: Sams Big G Play Maker
Steganalysis
Steganalysis Methods/Attacks on Steganography
Steganography Detection Tool: Stegdetect
Steganography Detection Tools
CEH System Hacking Steps: Covering Tracks
Why Cover Tracks?
Covering Tracks
Ways to Clear Online Tracks
Disabling Auditing: Auditpol
Covering Tracks Tool: Window Washer
Covering Tracks Tool: Tracks Eraser Pro
Track Covering Tools
CEH System Hacking Steps: Penetration Testing
Password Cracking (Cont.)
Privilege Escalation (Cont.)
Executing Applications (Cont.)
Hiding Files
Covering Tracks (Cont.)
Quotes
Module 05 Review
Module 06 – Trojans and Backdoors
Module Flow: Trojan Concepts
Security News
What is a Trojan?
Overt and Covert Channels
Purpose of Trojans
What Do Trojan Creators Look For?
Indications of a Trojan Attack
Common Ports used by Trojans
Module Flow: Trojan Infection
How to Infect Systems Using a Trojan?
Wrappers
Wrapper Covert Programs
Different Ways a Trojan can Get into a System
How to Deploy a Trojan?
Evading Anti-Virus Techniques
Module Flow: Types of Trojans
Types of Trojans
Command Shell Trojans
Command Shell Trojan: Netcat
Demo – Netcat
GUI Trojan: MoSucker
GUI Trojan: Jumper and Biodox
Document Trojans
E-mail Trojans
E-mail Trojans: RemoteByMail
Defacement Trojans
Defacement Trojans: Restorator
Botnet Trojans
Botnet Trojan: Illusion Bot
Botnet Trojan: NetBot Attacker
Proxy Server Trojans
Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
FTP Trojans
FTP Trojan: TinyFTPD
VNC Trojans
HTTP/HTTPS Trojans
HTTP Trojan: HTTP RAT
Shttpd Trojan – HTTPS (SSL)
ICMP Tunneling
ICMP Trojan: icmpsend
Remote Access Trojans
Demo – Beast
Remote Access Trojan: RAT DarkComet
Remote Access Trojan: Apocalypse
Covert Channel Trojan: CCTT
E-banking Trojans
Banking Trojan Analysis
E-banking Trojan: ZeuS
Destructive Trojans
Notification Trojans
Credit Card Trojans
Data Hiding Trojans (Encrypted Trojans)
BlackBerry Trojan: PhoneSnoop
MAC OS X Trojan: DNSChanger
Mac OS X Trojan: Hell Raiser
Module Flow: Trojan Detection
How to Detect Trojans?
Scanning for Suspicious Ports
Port Monitoring Tool: IceSword
Port Monitoring Tools: CurrPorts and TCPView
Scanning for Suspicious Processes
Process Monitoring Tool: What’s Running
Process Monitoring Tools
Scanning for Suspicious Registry Entries
Registry Entry Monitoring Tools
Scanning for Suspicious Device Drivers
Device Drivers Monitoring Tools: DriverView
Device Drivers Monitoring Tools
Scanning for Suspicious Windows Services
Windows Services Monitoring Tools: Windows Service Manager (SrvMan)
Windows Services Monitoring Tools
Scanning for Suspicious Startup Programs
Windows7 Startup Registry Entries
Startup Programs Monitoring Tools: Starter
Startup Programs Monitoring Tools: Security AutoRun
Startup Programs Monitoring Tools
Demo – What’s Running?
Scanning for Suspicious Files and Folders
Files and Folder Integrity Checker: FastSum and WinMD5
Files and Folder Integrity Checker
Scanning for Suspicious Network Activities
Detecting Trojans and Worms with Capsa Network Analyzer
Module Flow: Countermeasures
Trojan Countermeasures
Backdoor Countermeasures
Trojan Horse Construction Kit
Module Flow: Anti-Trojan Software
Anti-Trojan Software: TrojanHunter
Anti-Trojan Software: Emsisoft Anti-Malware
Anti-Trojan Softwares
Module Flow: Penetration Testing
Pen Testing for Trojans and Backdoors
Quotes
Module 06 Review
Module 07 – Viruses and Worms
Module Flow: Virus and Worms Concepts
Security News
Introduction to Viruses
Virus and Worm Statistics 2010
Stages of Virus Life
Working of Viruses: Infection Phase
Working of Viruses: Attack Phase
Why Do People Create Computer Viruses?
Indications of Virus Attack
How does a Computer get Infected by Viruses?
Virus Hoaxes
Virus Analysis: W32/Sality.AA
Virus Analysis: W32/Toal-A
Virus Analysis: W32/Virut
Virus Analysis: Klez
Module Flow: Types of Viruses
Types of Viruses
System or Boot Sector Viruses
File and Multipartite Viruses
Macro Viruses
Cluster Viruses
Stealth/Tunneling Viruses
Encryption Viruses
Polymorphic Code
Metamorphic Viruses
File Overwriting or Cavity Viruses
Sparse Infector Viruses
Companion/Camouflage Viruses
Shell Viruses
File Extension Viruses
Add-on and Intrusive Viruses
Transient and Terminate and Stay Resident Viruses
Writing a Simple Virus Program
Terabit Virus Maker
JPS Virus Maker
Demo – JPS Virus Maker Tool
DELmE’s Batch Virus Maker
Module Flow: Computer Worms
Computer Worms
How is a Worm Different from a Virus?
Example of Worm Infection: Conficker Worm
What does the Conficker Worm do?
How does the Conficker Worm Work?
Worm Analysis: W32/Netsky
Worm Analysis: W32/Bagle.GE
Worm Maker: Internet Worm Maker Thing
Module Flow: Malware Analysis
What is Sheep Dip Computer?
Anti-Virus Sensors Systems
Malware Analysis Procedure: Preparing Testbed
Malware Analysis Procedure
String Extracting Tool: Bintext
Compression and Decompression Tool: UPX
Process Monitoring Tools: Process Monitor
Log Packet Content Monitoring Tools: NetResident
Debugging Tool: Ollydbg
Virus Analysis Tool: IDA Pro
Online Malware Testing: Sunbelt CWSandbox
Online Malware Testing: VirusTotal
Online Malware Analysis Services
Module Flow: Countermeasures
Virus Detection Methods
Virus and Worms Countermeasures
Companion Antivirus: Immunet Protect
Anti-virus Tools
Module Flow: Penetration Testing
Penetration Testing for Virus
Quotes
Module 07 Review
Module 08 – Sniffers
Module Flow: Sniffing Concepts
Security News
Lawful Intercept
Benefits of Lawful Intercept
Network Components Used for Lawful Intercept
Wiretapping
Sniffing Threats
How a Sniffer Works?
Hacker Attacking a Switch
Types of Sniffing: Passive Sniffing
Types of Sniffing: Active Sniffing
Protocols Vulnerable to Sniffing
Tie to Data Link Layer in OSI Model
Hardware Protocol Analyzers
SPAN Port
Module Flow: MAC Attacks
MAC Flooding
MAC Address/CAM Table
How CAM Works?
What Happens When CAM Table is Full?
Mac Flooding Switches with macof
MAC Flooding Tool: Yersinia
How to Defend against MAC Attacks?
Module Flow: DHCP Attacks
How DHCP Works?
DHCP Request/Reply Messages
IPv4 DHCP Packet Format
DHCP Starvation Attack
Rogue DHCP Server Attack
DHCP Starvation Attack Tool: Gobbler
How to Defend Against DHCP Starvation and Rogue Server Attack?
Module Flow: ARP Poisoning Attacks
What is Address Resolution Protocol (ARP)?
ARP Spoofing Attack
How Does ARP Spoofing Work?
Threats of ARP Poisoning
ARP Poisoning Tool: Cain and Abel
Demo – Active Sniffing with Cain
Demo – Actively Sniffing a Switched Network with Cain
ARP Poisoning Tool: WinArpAttacker
ARP Poisoning Tool: Ufasoft Snif
How to Defend Against ARP Poisoning?
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
Module Flow: Spoofing Attack
MAC Spoofing/Duplicating
Spoofing Attack Threats
MAC Spoofing Tool: SMAC
Demo – Spoofing the MAC Address
How to Defend Against MAC Spoofing?
Module Flow: DNS Poisoning
DNS Poisoning Techniques
Intranet DNS Spoofing
Proxy Server DNS Poisoning
DNS Cache Poisoning
How to Defend Against DNS Spoofing?
Module Flow: Sniffing Tools
Sniffing Tool: Wireshark
Demo – Packet Capturing with Wireshark
Follow TCP Stream in Wireshark
Display Filters in Wireshark
Additional Wireshark Filters
Sniffing Tool: CACE Pilot
Sniffing Tool: Tcpdump/Windump
Discovery Tool: NetworkView
Discovery Tool: The Dude Sniffer
Password Sniffing Tool: Ace
Packet Sniffing Tool: Capsa Network Analyzer
OmniPeek Network Analyzer
Network Packet Analyzer: Observer
Session Capture Sniffer: NetWitness
Email Message Sniffer: Big-Mother
TCP/IP Packet Crafter: Packet Builder
Additional Sniffing Tools
How an Attacker Hacks the Network Using Sniffers?
Module Flow: Countermeasures
How to Defend Against Sniffing?
Sniffing Prevention Techniques
How to Detect Sniffing?
Promiscuous Detection Tool: PromqryUI
Promiscuous Detection Tool: PromiScan
Quotes
Module 08 Review
Module 09 – Social Engineering
Module Flow: Social Engineering Concepts
Security News
What is Social Engineering?
Behaviors Vulnerable to Attacks
Factors that Make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Phases in a Social Engineering Attack
Impact on the Organization
Command Injection Attacks
“Rebecca” and “Jessica”
Common Targets of Social Engineering
Common Targets of Social Engineering: Office Workers
Module Flow: Social Engineering Techniques
Types of Social Engineering
Human-Based Social Engineering
Technical Support Example
Authority Support Example
Human-Based Social Engineering (Cont.)
Human-Based Social Engineering: Dumpster Diving
Human-Based Social Engineering (Cont..)
Watch these Movies
Watch this Movie
Computer-Based Social Engineering
Computer-Based Social Engineering: Pop-Ups
Computer-Based Social Engineering: Phishing
Social Engineering Using SMS
Social Engineering by a “Fake SMS Spying Tool”
Insider Attack
Disgruntled Employee
Preventing Insider Threats
Common Intrusion Tactics and Strategies for Prevention
Module Flow: Impersonation on Social Networking Sites
Social Engineering Through Impersonation on Social Networking Sites
Social Engineering Example: LinkedIn Profile
Social Engineering on Facebook
Social Engineering on Twitter
Social Engineering on Orkut
Social Engineering on MySpace
Risks of Social Networking to Corporate Networks
Module Flow: Identity Theft
Identity Theft Statistics 2010
Identity Theft
How to Steal an Identity?
Step 1
Step 2
Comparison
Step 3
Real Steven Gets Huge Credit Card Statement
Identity Theft – Serious Problem
Module Flow: Social Engineering Countermeasures
Social Engineering Countermeasures: Policies
Social Engineering Countermeasures
How to Detect Phishing Emails?
Anti-Phishing Toolbar: Netcraft
Demo – Netcraft Anti-Phishing Toolbar
Anti-Phishing Toolbar: PhishTank
Identity Theft Countermeasures
Module Flow: Penetration Testing
Social Engineering Pen Testing
Social Engineering Pen Testing: Using Emails
Social Engineering Pen Testing: Using Phone
Social Engineering Pen Testing: In Person
Quotes
Module 09 Review
Module 10 – Denial of Service
Module Flow: DoS/DDoS Concepts
Security News
What is a Denial of Service Attack?
What are Distributed Denial of Service Attacks?
How Distributed Denial of Service Attacks Work?
Symptoms of a DoS Attack
Cyber Criminals
Organized Cyber Crime: Organizational Chart
Internet Chat Query (ICQ)
Internet Relay Chat (IRC)
Module Flow: DoS/DDoS Attack Techniques
DoS Attack Techniques
Bandwidth Attacks
Service Request Floods
SYN Attack
Demo – SynFlooding with hping2
SYN Flooding
ICMP Flood Attack
Peer-to-Peer Attacks
Permanent Denial-of-Service Attack
Application Level Flood Attacks
Module Flow: Botnets
Botnet
Botnet Propagation Technique
Botnet Ecosystem
Botnet Trojan: Shark
Poison Ivy: Botnet Command Control Center
Botnet Trojan: PlugBot
Module Flow: DDoS Case Study
Wikileaks
DDoS Attack
DDoS Attack Tool: LOIC
Denial of Service Attack Against MasterCard, Visa, and Swiss Banks
Hackers Advertise Links to Download Botnet
Module Flow: DoS/DDoS Attack Tools
DoS Attack Tools
Module Flow: Countermeasures
Detection Techniques
Activity Profiling
Wavelet Analysis
Sequential Change-Point Detection
DoS/DDoS Countermeasure Strategies
DDoS Attack Countermeasures
DoS/DDoS Countermeasures: Project Secondary Victims
DoS/DDoS Countermeasures: Detect and Neutralize Handlers
DoS/DDoS Countermeasures: Detect Potential Attacks
DoS/DDoS Countermeasures: Deflect Attacks
DoS/DDoS Countermeasures: Mitigate Attacks
Post-Attack Forensics
Techniques to Defend against Botnets
DoS/DDoS Countermeasures
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)
Module Flow: DoS/DDoS Protection Tools
DoS/DDoS Protection Tool: NetFlow Analyzer
DoS/DDoS Protection Tools
Module Flow: DoS/DDoS Penetration Testing
Denial of Service (DoS) Attack Penetration Testing
Denial of Service (DoS) Attack Pen Testing
Quotes
Module 10 Review
