EC Council - Ethical Hacking and Countermeasures Course Outline | IT Security Training in Baltimore | IT Security Courses in Baltimore | New Horizons Computer Learning Center of Baltimore | Computer Training in Baltimore, MD | Computer Training | Computer Learning in Baltimore | Computer Learning in Maryland | Computer Training in Baltimore | Computer Training in Maryland | IT Training in Baltimore | IT Training in Maryland | EC Council Security Courses in Baltimore | EC Council Security Training in Baltimore | EC-Council Security Courses in Baltimore | EC-Council Security Training in Baltimore

Home Business Solutions eLearning Room Rentals Resources About Us Careers Directions Contact Us

New Horizons Computer Learning Center
410-597-9722

Ethical Hacking and Countermeasures

Course Length: 5 Days

Overview:
This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Prerequisites:
Windows Server 2003 Administration and Security+
or equivalent knowledge

Course Content

Lesson 1: Introduction to Ethical Hacking

Problem Definition -Why Security?
Essential Terminologies
Elements of Security
The Security, Functionality and Ease of Use Triangle
Case Study
What does a Malicious Hacker do?
Types of Hacker Attacks
Hacktivism
Hacker Classes
Security News: Suicide Hacker
Ethical Hacker Classes
What do Ethical Hackers do?
Can Hacking be Ethical
How to become an Ethical Hacker
Skill Profile of an Ethical Hacker
What is Vulnerability Research?
How to Conduct Ethical Hacking
How Do They Go About It?
Approaches to Ethical Hacking
Ethical Hacking Testing
Ethical Hacking Deliverables
Computer Crimes and Implications

Lesson 2: Hacking Laws

http://www.usdoj.gov
http://www.gob.mx/
http://www.jf.gov.br/
http://canada.justice.gc.ca/en/
http://www.opsi.gov.uk
http://europa.eu/
Belgium Laws
Denmark Laws
France Laws
German Laws
Greece Laws
Italian Laws
Netherlands Laws
Norway
The Cybercrime Act 2001
The Information Technology Act
Japan's Cyber Laws
Singapore's Cyber Laws
Act on Promotion of Information and Communications Network Utilization and Information Protection
The Computer Crimes Act 1997
http://www.legislation.gov.hk/
Telecommunication Law

Lesson 3: Footprinting

Revisiting Reconnaissance
Defining Footprinting
Why is Footprinting Necessary
Areas and Information which Attackers Seek
Information Gathering Methodology
Footprinting Tools
E-Mail Spiders
Steps to Create Fake Login Pages
How to Create Fake Login Pages
Websites using Man-in-the-Middle Phishing Kit
Benefits to Fraudster
Steps to Perform Footprinting

Lesson 4: Google Hacking

What is Google hacking
What a hacker can do with vulnerable site
Anonymity with Caches
Using Google as a Proxy Server
Directory Listings
Going Out on a Limb: Traversal Techniques
Extension Walking
Site Operator
intitle:index.of
error | warning
login | logon
username | userid | employee.ID | "your username is"
password | passcode | "your password is"
admin | administrator
-ext:html -ext:htm -ext:shtml -ext:asp -ext:php
inurl:temp | inurl:tmp | inurl:backup | inurl:bak
intranet | help.desk
Locating Public Exploit Sites
Locating Vulnerable Targets
Web Server Software Error Messages
Application Software Error Messages
Default Pages
Searching for Passwords
Google Hacking Database (GHDB)
SiteDigger Tool
Gooscan
Goolink Scanner
Goolag Scanner
Tool: Google Hacks
Google Hack Honeypot
Google Protocol
Google Cartography

Lesson 5: Scanning

Scanning: Definition
Types of Scanning
Objectives of Scanning
CEH Scanning Methodology
War Dialer Technique
Banner Grabbing
Vulnerability Scanning
Draw Network Diagrams of Vulnerable Hosts
Preparing Proxies
Scanning Countermeasures
Tool: SentryPC

Lesson 6: Enumeration

Overview of System Hacking Cycle
What is Enumeration?
Techniques for Enumeration
NetBIOS Null Sessions
PS Tools
Network Management Protocol (SNMP) Enumeration
LDAP enumeration
NTP enumeration
SMTP enumeration
Web enumeration
Winfingerprint
How To Enumerate Web Application Directories in IIS Using DirectoryServices
IP Tools Scanner
Enumerate Systems Using Default Password
Tools
Steps to Perform Enumeration

Lesson 7: System Hacking

Part 1- Cracking Password
Part 2- Escalating Privileges
Part 3 - Executing applications
Part 4 - Hiding files
Part 5 - Covering Tracks

Lesson 8: Trojans and Backdoors

Effect on Business
What is a Trojan?
Indications of a Trojan Attack
Ports Used by Trojans
Trojans
Classic Trojans Found in the Wild
Hacking Tool: Loki
Atelier Web Remote Commander
Trojan Horse Construction Kit
How to Detect Trojans?
Anti-Trojan Software
Evading Anti-Virus Techniques
Sample Code for Trojan Client/Server
Evading Anti-Trojan/Anti-Virus using Stealth Tools
Backdoor Countermeasures
Tripwire
System File Verification
MD5 Checksum.exe
Microsoft Windows Defender
How to Avoid a Trojan Infection

Lesson 9: Viruses and Worms

Virus History
Characteristics of Virus
Working of Virus
Why people create Computer Viruses
Symptoms of a Virus-like Attack
Virus Hoaxes
Chain Letters
How is a Worm Different from a Virus
Indications of a Virus Attack
Hardware Threats
Software Threats
Virus Damage
Stages of Virus Life
Virus Classification
How Does a Virus Infect?
Storage Patterns of Virus
Famous Virus/Worms - I Love You Virus
Famous Virus/Worms - Melissa
Famous Virus/Worms - JS/Spth
Klez Virus Analysis
Latest Viruses
Top 10 Viruses- 2008
Writing a Simple Virus Program
Virus Construction Kits
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Virus Analysis - IDA Pro Tool
Prevention is better than Cure
Anti-Virus Software
Popular Anti-Virus Packages
Virus Databases

Lesson 10: Sniffers

Definition - Sniffing
Protocols Vulnerable to Sniffing
Tool: Network View - Scans the Network for Devices
The Dude Sniffer
Wireshark
Display Filters in Wireshark
Following the TCP Stream in Wireshark
Cain and Abel
Tcpdump
Tcpdump Commands
Types of Sniffing
What is ARP?
IP-based sniffing
Linux Sniffing Tools (dsniff package)
DNS Poisoning Techniques
Interactive TCP Relay
Interactive Replay Attacks
Raw Sniffing Tools
Features of Raw Sniffing Tools
How to Detect Sniffing
Countermeasures

Lesson 11: Social Engineering

What is Social Engineering?
Human Weakness
"Rebecca" and "Jessica"
Office Workers
Types of Social Engineering

Lesson 12: Phishing

Phishing
Introduction
Reasons for Successful Phishing
Phishing Methods
Process of Phishing
Types of Phishing Attacks
Phishing Statistics: Feb' 2008
Anti-Phishing
Anti-Phishing Tools

Lesson 13: Hacking Email Accounts

Ways for Getting Email Account Information
Stealing Cookies
Social Engineering
Password Phishing
Fraudulent e-mail Messages
Vulnerabilities
Tool: Advanced Stealth Email Redirector
Tool: Mail PassView
Tool: Email Password Recovery Master
Tool: Mail Password
Email Finder Pro
Email Spider Easy
Kernel Hotmail MSN Password Recovery
Retrieve Forgotten Yahoo Password
MegaHackerZ
Hack Passwords
Creating Strong Passwords
Creating Strong Passwords: Change Password
Creating Strong Passwords: Trouble Signing In
Sign-in Seal
Alternate Email Address
Keep Me Signed In/ Remember Me

Lesson 14: Denial-of-Service

Real World Scenario of DoS Attacks
What are Denial-of-Service Attacks?
Goal of DoS
Impact and the Modes of Attack
Types of Attacks
DoS Attack Classification
Bot (Derived from the Word RoBOT)
What is a DDoS Attack?
DDoS Tools
Worms
How to Conduct a DDoS Attack
The Reflected DoS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
DDoS Countermeasures
Taxonomy of DDoS Countermeasures
Preventing Secondary Victims
Detect and Neutralize Handlers
Detect Potential Attacks
DoSHTTP Tool
Mitigate or Stop the Effects of DDoS Attacks
Deflect Attacks
Post-attack Forensics
Packet Traceback

Lesson 15: Session Hijacking

What is Session Hijacking?
Spoofing vs. Hijacking
Steps in Session Hijacking
Types of Session Hijacking
Session Hijacking Levels
Network Level Hijacking
The 3-Way Handshake
TCP Concepts 3-Way Handshake
Sequence Numbers
TCP/IP hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man in the Middle: Packet Sniffer
UDP Hijacking
Application Level Hijacking
Programs that Performs Session Hacking
Dangers that hijacking Pose
Protecting against Session Hijacking
Countermeasures: IPsec

Lesson 16: Hacking Web Servers

How Web Servers Work
How are Web Servers Compromised
Web Server Defacement
Attacks against IIS
Unicode
Hotfixes and Patches
Solution: UpdateExpert
Vulnerability Scanners
Online Vulnerability Search Engine
Network Tool: Whisker
Network Tool: N-Stealth HTTP Vulnerability Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner
Secure IIS
Countermeasures
Increasing Web Server Security
Web Server Protection Checklist

Lesson 17: Web Application Vulnerabilities

Web Application Setup
Web application Hacking
Anatomy of an Attack
Web Application Threats
Cross-Site Scripting/XSS Flaws
SQL Injection
Command Injection Flaws
Cookie/Session Poisoning
Parameter/Form Tampering
Hidden Field at
Buffer Overflow
Directory Traversal/Forceful Browsing
Cryptographic Interception
Cookie Snooping
Authentication Hijacking
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks
Security Management Exploits
TCP Fragmentation
Hacking Tools

Lesson 18: Web-Based Password Cracking Techniques

Authentication - Definition
Authentication Mechanisms
Bill Gates at the RSA Conference 2006
How to Select a Good Password
Things to Avoid in Passwords
Changing Your Password
Protecting Your Password
Examples of Bad Passwords
The "Mary Had A Little Lamb" Formula
How Hackers Get Hold of Passwords
Windows XP: Remove Saved Passwords
What is a Password Cracker?
Modus Operandi of an Attacker Using a Password Cracker
How Does a Password Cracker Work?
Attacks - Classification
Password Crackers Available
Countermeasures

Lesson 19: SQL Injection

What is SQL Injection?
Exploiting Web Applications
Steps for performing SQL injection
What You Should Look For
What If It Doesn't Take Input
OLE DB Errors
Input Validation Attack
SQL injection Techniques
How to Test for SQL Injection Vulnerability
How Does It Work?
BadLogin.aspx.cs
BadProductList.aspx.cs
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
How to Mine all Column Names of a Table
How to Retrieve any Data
How to Update/Insert Data into Database
SQL Injection in Oracle
SQL Injection in MySql Database
Attacking Against SQL Servers
SQL Server Resolution Service (SSRS)
Osql -L Probing
SQL Injection Automated Tools
Blind SQL Injection
SQL Injection Countermeasures
Preventing SQL Injection Attacks
GoodLogin.aspx.cs
SQL Injection Blocking Tool: SQL Block
Acunetix Web Vulnerability Scanner

Lesson 20: Hacking Wireless Networks

Introduction to Wireless
Wireless Standards
Wireless Concepts and Devices
WEP and WPA
Attacks and Hacking Tools
Scanning Tools
Sniffing Tools
Hacking Wireless Networks
Wireless Security
Wireless Security Tools

Lesson 21: Physical Security

Security Facts
Understanding Physical Security
Physical Security
What Is the Need for Physical Security
Who Is Accountable for Physical Security
Factors Affecting Physical Security
Physical Security Checklist

Lesson 22: Linux Hacking

Why Linux?
Linux Distributions
Linux Live CD-ROMs
Basic Commands of Linux: Files & Directories
Directories in Linux
Installing, Configuring, and Compiling Linux Kernel
How to Install a Kernel Patch
Compiling Programs in Linux
GCC Commands
Make Files
Make Install Command
Linux Vulnerabilities
Chrooting
Why is Linux Hacked?
How to Apply Patches to Vulnerable Programs
Scanning Networks
Nmap in Linux
Scanning Tool: Nessus
Port Scan Detection Tools
Password Cracking in Linux: Xcrack
Firewall in Linux: IPTables
IPTables Command
Basic Linux Operating System Defense
SARA (Security Auditor's Research Assistant)
Linux Tool: Netcat
Linux Tool: tcpdump
Linux Tool: Snort
Linux Tool: SAINT
Linux Tool: Wireshark
Linux Tool: Abacus Port Sentry
Linux Tool: DSniff Collection
Linux Tool: Hping2
Linux Tool: Sniffit
Linux Tool: Nemesis
Linux Tool: LSOF
Linux Tool: IPTraf
Linux Tool: LIDS
Hacking Tool: Hunt
Tool: TCP Wrappers
Linux Loadable Kernel Modules
Hacking Tool: Linux Rootkits
Rootkits: Knark & Torn
Rootkits: Tuxit, Adore, Ramen
Rootkit: Beastkit
Rootkit Countermeasures
'chkrootkit' detects the following Rootkits
Linux Tools: Application Security
Advanced Intrusion Detection Environment (AIDE)
Linux Tools: Security Testing Tools
Linux Tools: Encryption
Linux Tools: Log and Traffic Monitors
Linux Security Auditing Tool (LSAT)
Linux Security Countermeasures
Steps for Hardening Linux

Lesson 23: Evading IDS, Firewalls and Detecting Honey Pots

Introduction to Intrusion Detection System
Terminologies
Intrusion Detection System (IDS)
What is a Firewall?
Common Tool for Testing Firewall and IDS
What is a Honeypot?
Tools to Detect Honeypots
What to do when hacked

Lesson 24: Buffer Overflows

Why are Programs/Applications Vulnerable?
Buffer Overflows
Reasons for Buffer Overflow Attacks
Knowledge Required to Program Buffer Overflow Exploits
Understanding Stacks
Understanding Heaps
Types of Buffer Overflows: Stack-based Buffer Overflow
Types of Buffer Overflows: Heap-based Buffer Overflow
Understanding Assembly Language
How to Detect Buffer Overflows in a Program
NOPs
How to Mutate a Buffer Overflow Exploit
Once the Stack is Smashed
Defense Against Buffer Overflows
Buffer Overflow Protection Solution: Libsafe
Simple Buffer Overflow in C

Lesson 25: Cryptography

Introduction to Cryptography
Classical Cryptographic Techniques
Cryptographic Algorithms
RSA (Rivest Shamir Adleman)
Data Encryption Standard (DES)
RC4, RC5, RC6, Blowfish
Message Digest Functions
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
What is SSH?
Algorithms and Security
Disk Encryption
Government Access to Keys (GAK)
Digital Signature
Digital Certificates
PGP (Pretty Good Privacy)
CypherCalc
Command Line Scriptor
CryptoHeaven
Hacking Tool: PGP Crack
Magic Lantern
Advanced File Encryptor
Encryption Engine
Encrypt Files
Encrypt PDF
Encrypt Easy
Encrypt my Folder
Advanced HTML Encrypt and Password Protect
Encrypt HTML source
Alive File Encryption
Omziff
ABC CHAOS
EncryptOnClick
CryptoForge
SafeCryptor
CrypTool
Microsoft Cryptography Tools
Polar Crypto Light
CryptoSafe
Crypt Edit
CrypSecure
Cryptlib
Crypto++ Library
Code Breaking: Methodologies
Cryptanalysis
Cryptography Attacks
Brute-Force Attack
Cracking S/MIME Encryption Using Idle CPU Time
distributed.net
Use Of Cryptography

Lesson 26: Penetration Testing

Introduction to Penetration Testing (PT)
Categories of security assessments
Vulnerability Assessment
Limitations of Vulnerability Assessment
Penetration Testing
Types of Penetration Testing
Risk Management
Do-It-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly Available Networks
Testing Network-filtering Devices
Enumerating Devices
Denial-of-Service Emulation
Pentest using Appscan
HackerShield
Pen-Test Using Cerberus Internet Scanner
Pen-Test Using Cybercop Scanner
Pen-Test Using FoundScan Hardware Appliances
Pen-Test Using Nessus
Pen-Test Using NetRecon
Pen-Test Using SAINT
Pen-Test Using SecureNet Pro
Pen-Test Using SecureScan
Pen-Test Using SATAN, SARA and Security Analyzer
Pen-Test Using STAT Analyzer
Pentest Using VigilENT
Pentest Using WebInspect
Pentest Using CredDigger
Pentest Using Nsauditor
Evaluating Different Types of Pen-Test Tools
Asset Audit
Fault Tree and Attack Trees
GAP Analysis
Threat
Business Impact of Threat
Internal Metrics Threat
External Metrics Threat
Calculating Relative Criticality
Test Dependencies
Defect Tracking Tools: Bug Tracker Server
Disk Replication Tools
DNS Zone Transfer Testing Tools
Network Auditing Tools
Trace Route Tools and Services
Network Sniffing Tools
Denial of Service Emulation Tools
Traditional Load Testing Tools
System Software Assessment Tools
Operating System Protection Tools
Fingerprinting Tools
Port Scanning Tools
Directory and File Access Control Tools
File Share Scanning Tools
Password Directories
Password Guessing Tools
Link Checking Tools
Web-Testing Based Scripting tools
Buffer Overflow protection Tools
File Encryption Tools
Database Assessment Tools
Keyboard Logging and Screen Reordering Tools
System Event Logging and Reviewing Tools
Tripwire and Checksum Tools
Mobile-code Scanning Tools
Centralized Security Monitoring Tools
Web Log Analysis Tools
Forensic Data and Collection Tools
Security Assessment Tools
Multiple OS Management Tools
Phases of Penetration Testing
Pre-attack Phase
Best Practices
Results that can be Expected
Passive Reconnaissance
Active Reconnaissance
Attack Phase
Post Attack Phase and Activities
Penetration Testing Deliverables Templates

Lesson 27: Covert Hacking

Insider Attacks
What is Covert Channel?
Security Breach
Why Do You Want to Use Covert Channel?
Motivation of a Firewall Bypass
Covert Channels Scope
Covert Channel: Attack Techniques
Simple Covert Attacks
Advanced Covert Attacks
Standard Direct Connection
Reverse Shell (Reverse Telnet)
Direct Attack Example
In-Direct Attack Example
Reverse Connecting Agents
Covert Channel Attack Tools
Covert Channel Hacking Tool: Active Port Forwarder
Covert Channel Hacking Tool: CCTT
Covert Channel Hacking Tool: Firepass
Covert Channel Hacking Tool: MsnShell
Covert Channel Hacking Tool: Web Shell
Covert Channel Hacking Tool: NCovert
Covert Channel Hacking via Spam E-mail Messages
Hydan

Lesson 28: Writing Virus Codes

Introduction of Virus
Types of Viruses
Symptoms of a Virus Attack
Prerequisites for Writing Viruses
Required Tools and Utilities
Virus Infection Flow Chart
Components of Viruses
Testing Virus Codes
Tips for Better Virus Writing

Lesson 29: Assembly Language Tutorial

Base 10 System
Base 2 System
Decimal 0 to 15 in Binary
Binary Addition (C stands for Canary)
Hexadecimal Number
Hex Example
Hex Conversion
nibble
Computer memory
Characters Coding
ASCII and UNICODE
CPU
Machine Language
Compilers
Clock Cycle
Original Registers
Instruction Pointer
Pentium Processor
Interrupts
Interrupt handler
External interrupts and Internal interrupts
Handlers
Machine Language
Assembly Language
Assembler
Assembly Language Vs High-level Language
Assembly Language Compilers
Instruction operands
MOV instruction
ADD instruction
SUB instruction
INC and DEC instructions
Directive
preprocessor
equ directive
%define directive
Data directives
Labels
Input and output
C Interface
Call
Creating a Program
Why should anyone learn assembly at all?

Lesson 30: Exploit Writing

Exploits Overview
Prerequisites for Writing Exploits and Shellcodes
Purpose of Exploit Writing
Types of Exploits
Stack Overflow
Heap Corruption
The Proof-of-Concept and Commercial Grade Exploit
Converting a Proof of Concept Exploit to Commercial Grade Exploit
Attack Methodologies
Socket Binding Exploits
Tools for Exploit Writing
Steps for Writing an Exploit
Differences Between Windows and Linux Exploits
Shellcodes
NULL Byte
Types of Shellcodes
Tools Used for Shellcode Development
Steps for Writing a Shellcode
Issues Involved With Shellcode Writing

Lesson 31: Smashing the Stack for Fun and Profit

What is a Buffer?
Static Vs Dynamic Variables
Stack Buffers
Data Region
Memory Process Regions
What Is A Stack?
Why Do We Use A Stack?
The Stack Region
Stack frame
Stack pointer
Procedure Call (Procedure Prolog)
Compiling the code to assembly
Call Statement
Return Address (RET)
Word Size
Stack
Buffer Overflows
Error
Why do we get a segmentation violation?
Segmentation Error
Instruction Jump
Guess Key Parameters
Calculation
Shell Code
The code in Assembly
JMP
Code using indexed addressing
Offset calculation
shellcodeasm.c
testsc.c
Compile the code
NULL byte
shellcodeasm2.c
testsc2.c
Writing an Exploit
overflow1.c
Compiling the code
sp.c
vulnerable.c
NOPs

Lesson 32: Windows Based Buffer Overflow Exploit Writing

Buffer Overflow
Stack overflow
Writing Windows Based Exploits
Exploiting stack based buffer overflow
OpenDataSource Buffer Overflow Vulnerability Details
Simple Proof of Concept
Windbg.exe
Analysis
EIP Register
Execution Flow
But where can we jump to?
Offset Address
The Query
Finding jmp esp
Debug.exe
listdlls.exe
Msvcrt.dll
Out.sql
The payload
ESP
Limited Space
Getting Windows API/function absolute address
Memory Address
Other Addresses
Compile the program
Final Code

Lesson 33: Reverse Engineering

Applications of Reverse Engineering
Ethical Reverse Engineering
World War Case Study
DMCA Act
What is Disassembler?
Why do you need to decompile?
Professional Disassembler Tools
Tool: IDA Pro
Convert Machine Code to Assembly Code
Decompilers
Program Obfuscation
Convert Assembly Code to C++ code
Machine Decompilers
Tool: dcc
Machine Code of compute.exe Prorgam
Assembly Code of compute.exe Program
Code Produced by the dcc Decompiler in C
Tool: Boomerang
What Boomerang Can Do?
Andromeda Decompiler
Tool: REC Decompiler
Tool: EXE To C Decompiler
Delphi Decompilers
Tools for Decompiling .NET Applications
Salamander .NET Decompiler
Tool: LSW DotNet-Reflection-Browser
Tool: Reflector
Tool: Spices NET.Decompiler
Tool: Decompilers.NET
.NET Obfuscator and .NET Obfuscation
Java Bytecode Decompilers
Tool: JODE Java Decompiler
Tool: JREVERSEPRO
Tool: SourceAgain
Tool: ClassCracker
Python Decompilers
Reverse Engineering Tutorial
OllyDbg Debugger
How Does OllyDbg Work?
Debugging a Simple Console Application

Lesson 34: Mac OS X Hacking

Introduction to MAC OS
Vulnerabilities in MAC
How a Malformed Installer Package Can Crack Mac OS X
Worm and Viruses in MAC
Anti-Viruses in MAC
Mac Security Tools
Countermeasures

Lesson 35: Hacking Routers, Cable Modems and Firewalls

Network Devices
Identifying a Router
HTTP Configuration Arbitrary Administrative Access Vulnerability
ADMsnmp
Solarwinds MIB Browser
Brute-Forcing Login Services
Hydra
Analyzing the Router Config
Cracking the Enable Password
Tool: Cain and Abel
Implications of a Router Attack
Types of Router Attacks
Router Attack Topology
Denial of Service (DoS) Attacks
Packet "Mistreating" Attacks
Routing Table Poisoning
Hit-and-run Attacks vs. Persistent Attacks
Cisco Router
Eigrp-tool
Tool: Zebra
Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
Tool: Cisco Torch
Monitoring SMTP(port25) Using SLcheck
Monitoring HTTP(port 80)
Cable Modem Hacking
www.bypassfirewalls.net
Waldo Beta 0.7 (b)

Lesson 36: Hacking Mobile Phones, PDA and Handheld Devices

Different OS in Mobile Phone
Different OS Structure in Mobile Phone
Evolution of Mobile Threat
Threats
Different OS in Mobile Phone
Different OS Structure in Mobile Phone
Evolution of Mobile Threat
Threats
What Can A Hacker Do
Vulnerabilities in Different Mobile Phones
Malware
Spyware
Blackberry
PDA
iPod
Mobile: Is It a Breach to Enterprise Security?
Viruses
Antivirus
Security Tools
Defending Cell Phones and PDAs Against Attack
Mobile Phone Security Tips

Lesson 37: Bluetooth Hacking

Bluetooth Introduction
Security Issues in Bluetooth
Security Attacks in Bluetooth Devices
Bluetooth hacking tools
Bluetooth Viruses and Worms
Bluetooth Security tools
Countermeasures

Lesson 38: VoIP Hacking

What is VoIP
VoIP Hacking Steps
Footprinting
Scanning
Enumeration
Steps to Exploit the Network
Covering Tracks

Lesson 39: RFID Hacking

RFID- Definition
Components of RFID Systems
RFID Collisions
RFID and Privacy Issues
Countermeasures
RFID Security and Privacy Threats
Protection Against RFID Attacks
RFID Guardian
RFID Malware
RFID Exploits
Vulnerabilities in RFID-enabled Credit Cards
RFID Hacking Tool: RFDump
RFID Security Controls RFID Security

Lesson 40: Spamming

Introduction
Techniques used by Spammers
How Spamming is performed
Spammer: Statistics
Worsen ISP: Statistics
Top Spam Effected Countries: Statistics
Types of Spam Attacks
Spamming Tools
Anti-Spam Techniques
Anti- Spamming Tools
Countermeasures

Lesson 41: Hacking USB Devices

Introduction to USB Devices
Electrical Attack
Software Attack
USB Attack on Windows
Viruses and Worms
Hacking Tools
USB Security Tools
Countermeasures

Lesson 42: Hacking Database Servers

Hacking Database server: Introduction
Hacking Oracle Database Server
Hacking SQL Server
Security Tools
SQL Server Security Best Practices: Administrator Checklist

Lesson 43: Cyber Warfare- Hacking, Al-Qaida and Terrorism

Cyber Terrorism Over Internet
Cyber-Warfare Attacks
45 Muslim Doctors Planned US Terror Raids
Net Attack
Al-Qaeda
Why Terrorists Use Cyber Techniques
Cyber Support to Terrorist Operations
Planning
Recruitment
Research
Propaganda
Propaganda: Hizballah Website
Cyber Threat to the Military
Russia 'hired botnets' for Estonia Cyber-War
NATO Threatens War with Russia
Bush on Cyber War: 'a subject I can learn a lot about'
E.U. Urged to Launch Coordinated Effort Against Cybercrime
Budget: Eye on Cyber-Terrorism Attacks
Cyber Terror Threat is Growing, Says Reid
Terror Web 2.0
Table 1: How Websites Support Objectives of terrorist/Extremist Groups
Electronic Jihad
Electronic Jihad' App Offers Cyber Terrorism for the Masses
Cyber Jihad - Cyber Firesale
http://internet-haganah.com/haganah/

Lesson 44: Internet Content Filtering Techniques

Introduction to Internet Filter
Key Features of Internet Filters
Pros and Cons of Internet Filters
Internet Content Filtering Tools

Lesson 45: Privacy on the Internet

Internet privacy
Proxy privacy
Spyware privacy
Email privacy
Cookies
Examining Information in Cookies
How Internet Cookies Work
How Google Stores Personal Information
Google Privacy Policy
Web Browsers
Web Bugs
Downloading Freeware
Internet Relay Chat
Pros and Cons of Internet Relay Chat
Electronic Commerce
Internet Privacy Tools: Anonymizers
Internet Privacy Tools: Firewall Tools
Internet Privacy Tools: Others
Best Practices
Countermeasures

Lesson 46: Securing Laptop Computers

Statistics for Stolen and Recovered Laptops
Statistics on Security
Percentage of Organizations Following the Security Measures
Laptop threats
Laptop Theft
Fingerprint Reader
Protecting Laptops Through Face Recognition
Bluetooth in Laptops
Tools
Securing from Physical Laptop Thefts
Hardware Security for Laptops
Protecting the Sensitive Data
Preventing Laptop Communications from Wireless Threats
Protecting the Stolen Laptops from Being Used
Security Tips

Lesson 47: Spying Technologies

Spying
Motives of Spying
Spying Devices
Vendors Hosting Spy Devices
Spying Tools
Anti-Spying Tools

Lesson 48: Corporate Espionage- Hacking Using Insiders

Introduction To Corporate Espionage
Information Corporate Spies Seek
Insider Threat
Different Categories of Insider Threat
Privileged Access
Driving Force behind Insider Attack
Common Attacks carried out by Insiders
Techniques Used for Corporate Espionage
Process of Hacking
Former Forbes Employee Pleads Guilty
Former Employees Abet Stealing Trade Secrets
California Man Sentenced For Hacking
Federal Employee Sentenced for Hacking
Facts
Key Findings from U.S Secret Service and CERT Coordination Center/SEI study on Insider Threat
Tools
Countermeasures

Lesson 49: Creating Security Policies

Security policies
Key Elements of Security Policy
Defining the Purpose and Goals of Security Policy
Role of Security Policy
Classification of Security Policy
Design of Security Policy
Contents of Security Policy
Configurations of Security Policy
Implementing Security Policies
Types of Security Policies
Policy Statements
Basic Document Set of Information Security Policies
E-mail Security Policy
Software Security Policy
Software License Policy
Points to Remember While Writing a Security Policy
Sample Policies

Lesson 50: Software Piracy and Warez

Software Activation: Introduction
Piracy
Software Copy Protection Backgrounders
Warez
Tool: Crypkey
Tool: EnTrial
EnTrial Tool: Distribution File
EnTrial Tool: Product & Package Initialization Dialog
EnTrial Tool: Add Package GUI
Tool: DF_ProtectionKit
Tool: Crack Killer
Tool: Logic Protect
Tool: Software License Manager
Tool: Quick License Manager
Tool: WTM CD Protect

Lesson 51: Hacking and Cheating Online Games

Online Games: Introduction
Basics of Game Hacking
Threats in Online Gaming
Cheating in Online Computer Games
Types of Exploits
Example of popular game exploits
Stealing Online Game Passwords
Online Gaming Malware from 1997-2007
Best Practices for Secure Online Gaming
Tips for Secure Online Gaming

Lesson 52: Hacking RSS and Atom

Introduction
Areas Where RSS and Atom is Used
Building a Feed Aggregator
Routing Feeds to the Email Inbox
Monitoring the Server with Feeds
Tracking Changes in Open Source Projects
Risks by Zone
Reader Specific Risks
Utilizing the Web Feeds Vulnerabilities
Example for Attacker to Attack the Feeds
Tools

Lesson 53: Hacking Web Browsers (Firefox, IE)

Introduction
How Web Browsers Work
How Web Browsers Access HTML Documents
Protocols for an URL
Hacking Firefox
Firefox Security
Hacking Internet Explorer
Internet Explorer Security
Hacking Opera
Security Features of Opera
Hacking Safari
Securing Safari
Hacking Netscape
Securing Netscape

Lesson 54: Proxy Server Technologies

Introduction: Proxy Server
Working of Proxy Server
Types of Proxy Server
Socks Proxy
Free Proxy Servers
Use of Proxies for Attack
Tools
How Does MultiProxy Work
TOR Proxy Chaining Software
TOR Proxy Chaining Software
AnalogX Proxy
NetProxy
Proxy+
ProxySwitcher Lite
Tool: JAP
Proxomitron
SSL Proxy Tool
How to Run SSL Proxy

Lesson 55: Data Loss Prevention

Introduction: Data Loss
Causes of Data Loss
How to Prevent Data Loss
Impact Assessment for Data Loss Prevention
Tools

Lesson 56: Hacking Global Positioning System (GPS)

Geographical Positioning System (GPS)
Terminologies
GPS Devices Manufacturers
Gpsd-GPS Service Daemon
Sharing Waypoints
Wardriving
Areas of Concern
Sources of GPS Signal Errors
Methods to Mitigate Signal Loss
GPS Secrets
Firmware Hacking
GPS Tools

Lesson 57: Computer Forensics and Incident Handling

Computer Forensics
Incident Handling
Incident Management
Why don't Organizations Report Computer Crimes
Estimating Cost of an Incident
Whom to Report an Incident
Incident Reporting
Vulnerability Resources
What is CSIRT
World CERTs http://www.trusted-introducer.nl/teams/country.html
http://www.first.org/about/organization/teams/
IRTs Around the World

Lesson 58: Credit Card Frauds

E-Crime
Statistics
Credit Card
Credit Card Generators
Credit Card Fraud Detection
Best Practices: Ways to Protect Your Credit Cards

Lesson 59: How to Steal Passwords

Password Stealing
How to Steal Passwords
Password Stealing Techniques
Password Stealing Trojans
Password Stealing Tools
Recommendations for Improving Password Security
Best Practices

Lesson 60: Firewall Technologies

Firewalls: Introduction
Hardware Firewalls
Software Firewalls
Windows Firewalls
Linux Firewalls
Mac OS X Firewalls

Lesson 61: Threats and Countermeasures

Domain Level Policies
Enforce Password History
Maximum Password Age
Minimum Password Length
Passwords Must Meet Complexity Requirements
Store Password Using Reversible Encryption for All Users In The Domain
Account Lockout Policy
Account Lockout Duration
Account Lockout Threshold
Reset Account Lockout Counter After
Kerberos Policy
Enforce User Logon Restrictions
Maximum Lifetime for Service Ticket
Maximum Tolerance for Computer Clock Synchronization
Audit Policy
User Rights
Access this Computer from the Network
Act as Part of the Operating System
Add Workstations to Domain
Adjust Memory Quotas for a Process
Allow Log On Locally
Allow Log On through Terminal Services
Back Up Files and Directories
Bypass Traverse Checking
Change the System Time
Create a Page File
Create a Token Object
Create Global Objects
Create Permanent Shared Objects
Debug Programs
Deny Access to this Computer from the Network
Deny Log On as a Batch Job
Deny Log On as a Service
Deny Log On Locally
Deny Log On through Terminal Services
Enable Computer and User Accounts to be Trusted for Delegation
Force Shutdown from a Remote System
Generate Security Audits
Impersonate a Client after Authentication
Increase Scheduling Priority
Load and Unload Device Drivers
Lock Pages in Memory
Log On as a Batch Job
Log On as a Service
Manage Auditing and Security Log
Modify Firmware Environment Values
Perform Volume Maintenance Tasks
Profile Single Process
Profile System Performance
Remove Computer from Docking Station
Replace a Process Level Token
Restore Files and Directories
Shut Down the System
Synchronize Directory Service Data
Take Ownership of Files or Other Objects
Security Options
Accounts: Administrator Account Status
Audit: Audit the Access of Global System Objects
DCOM: Machine Access/Launch Restrictions in Security Descriptor Definition Language (SDDL)
Devices: Allow Undock without having to Log On
Devices: Allowed to Format and Eject Removable Media
Devices: Prevent Users from Installing Printer Drivers
Devices: Restrict CD-ROM/Floppy Access to Locally Logged-on User Only
Devices: Restrict CD-ROM Access to Locally Logged-on User Only
Devices: Unsigned Driver Installation Behavior
Domain Controller: Allow Server Operators to Schedule Tasks
Domain Controller: LDAP Server Signing Requirements
Domain Controller: Refuse Machine Account Password Changes
Domain Member: Digitally Encrypt or Sign Secure Channel Data
Domain Member: Disable Machine Account Password Changes
Domain Member: Maximum Machine Account Password Age
Domain Member: Require Strong (Windows 2000 or Later) Session Key
Interactive Logon: Do Not Display Last User Name
Interactive Logon: Do Not Require CTRL+ALT+DEL
Interactive Logon: Message Text for Users Attempting to Log On
Interactive Logon: Number of Previous Logons to Cache
Interactive Logon: Prompt User to Change Password before Expiration
Interactive Logon: Require Domain Controller Authentication to Unlock Workstation
Interactive Logon: Require Smart Card
Interactive Logon: Smart Card Removal Behavior
Microsoft Network Client and Server: Digitally Sign Communications (Four Related Settings)
Microsoft Network Client: Send Unencrypted Password to Third-party SMB Servers
Microsoft Network Server: Amount of Idle Time Required before Suspending Session
Microsoft Network Server: Disconnect Clients when Logon Hours Expire
Network Access: Allow Anonymous SID/Name Translation

Lesson 62: Case Studies

Lesson 63: Botnets

Lesson 64: Economic Espionage

Lesson 65: Patch Management

Lesson 66: Security Convergence

Lesson 67: Identifying the Terrorist

6940 Tudsbury Road, Baltimore, MD 21244
P: 410-597-9722
www.nhbaltimore.com