CEH

Course Outline Version 6

Introduction to Ethical Hacking

* Problem Definition -Why Security?
* Essential Terminologies
* Elements of Security
* The Security, Functionality and Ease of Use Triangle
* Case Study
* What does a Malicious Hacker do?

o    Phase 1: Reconnaissance

·         Reconnaissance Types

o    Phase 2: Scanning

o    Phase 3: Gaining Access

o    Phase 4: Maintaining Access

o    Phase 5: Covering Tracks

* Types of Hacker Attacks

o    Operating System attacks

o    Application-level attacks

o    Shrink Wrap code attacks

o    Misconfiguration attacks

* Hacktivism
* Hacker Classes
* Security News: Suicide Hacker
* Ethical Hacker Classes
* What do Ethical Hackers do
* Can Hacking be Ethical
* How to become an Ethical Hacker
* Skill Profile of an Ethical Hacker
* What is Vulnerability Research

o    Why Hackers Need Vulnerability Research

o    Vulnerability Research Tools

o    Vulnerability Research Websites

·         National Vulnerability Database (nvd.nist.gov)

·         Securitytracker (www.securitytracker.com)

·         Securiteam (www.securiteam.com)

·         Secunia (www.secunia.com)

·         Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)

·         HackerWatch (www.hackerwatch.org)

·         milw0rm

* How to Conduct Ethical Hacking
* How Do They Go About It
* Approaches to Ethical Hacking
* Ethical Hacking Testing
* Ethical Hacking Deliverables
* Computer Crimes and Implications

Hacking Laws

§  U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
§  Legal Perspective (U.S. Federal Law)
o    18 U.S.C. § 1029
·         Penalties
o    18 U.S.C. § 1030
·         Penalties
o    18 U.S.C. § 1362
o    18 U.S.C. § 2318
o    18 U.S.C. § 2320
o    18 U.S.C. § 1831
o    47 U.S.C. § 605, unauthorized publication or use of communications
o    Washington:
·         RCW 9A.52.110
o    Florida:
·         § 815.01 to 815.07
o    Indiana:
·         IC 35-43
§  Federal Managers Financial Integrity Act of 1982
§  The Freedom of Information Act 5 U.S.C. § 552
§  Federal Information Security Management Act (FISMA)
§  The Privacy Act Of 1974 5 U.S.C. § 552a
§  USA Patriot Act of 2001
§  United Kingdom’s Cyber Laws
§  United Kingdom: Police and Justice Act 2006
§  European Laws
§  Japan’s Cyber Laws
§  Australia: The Cybercrime Act 2001
§  Indian Law: THE INFORMATION TECHNOLOGY ACT
§  Argentina Laws
§  Germany’s Cyber Laws
§  Singapore’s Cyber Laws
§  Belgium Law
§  Brazilian Laws
§  Canadian Laws
§  France Laws
§  German Laws
§  Italian Laws
§  MALAYSIA: THE COMPUTER CRIMES ACT 1997
§  HONGKONG: TELECOMMUNICATIONS
§  Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.
§  Greece Laws
§  Denmark Laws
§  Netherlands Laws
§  Norway
§  ORDINANCE
§  Mexico
§  SWITZERLAND

Footprinting

* Revisiting Reconnaissance
* Defining Footprinting
* Why is Footprinting Necessary
* Areas and Information which Attackers Seek
* Information Gathering Methodology
o    Unearthing Initial Information
·         Finding Company’s URL
·         Internal URL
·         Extracting Archive of a Website
§  www.archive.org
·         Google Search for Company’s Info
·         People Search
§  Yahoo People Search
§  Satellite Picture of a Residence
§  Best PeopleSearch
§  People-Search-America.com
§  Switchboard
§  Anacubis
§  Google Finance
§  Yahoo Finance
·         Footprinting through Job Sites
·         Passive Information Gathering
·         Competitive Intelligence Gathering
§  Why Do You Need Competitive Intelligence?
§  Competitive Intelligence Resource
§  Companies Providing Competitive Intelligence Services
§  Carratu International
§  CI Center
§  Competitive Intelligence - When Did This Company Begin? How Did It Develop?
§  Competitive Intelligence - Who Leads This Company
§  Competitive Intelligence - What Are This Company's Plans
§  Competitive Intelligence - What Does Expert Opinion Say About The Company
§  Competitive Intelligence - Who Are The Leading Competitors?
§  Competitive Intelligence Tool: Trellian
§  Competitive Intelligence Tool: Web Investigator
·         Public and Private Websites
* Footprinting Tools
o    Sensepost Footprint Tools
o    Big Brother
o    BiLE Suite
o    Alchemy Network Tool
o    Advanced Administrative Tool
o    My IP Suite
o    Wikto Footprinting Tool
o    Whois Lookup
o    Whois
o    SmartWhois
o    ActiveWhois
o    LanWhois
o    CountryWhois
o    WhereIsIP
o    Ip2country
o    CallerIP
o    Web Data Extractor Tool
o    Online Whois Tools
o    What is MyIP
o    DNS Enumerator
o    SpiderFoot
o    Nslookup
o    Extract DNS Information
o    Types of DNS Records
o    Necrosoft Advanced DIG
o    Expired Domains
o    DomainKing
o    Domain Name Analyzer
o    DomainInspect
o    MSR Strider URL Tracer
o    Mozzle Domain Name Pro
o    Domain Research Tool (DRT)
o    Domain Status Reporter
o    Reggie
o    Locate the Network Range
·         ARIN
·         Traceroute
§  Traceroute Analysis
·         3D Traceroute
·         NeoTrace
·         VisualRoute Trace
·         Path Analyzer Pro
·         Maltego
·         Layer Four Traceroute
·         Prefix WhoIs widget
·         Touchgraph
·         VisualRoute Mail Tracker
·         eMailTrackerPro
·         Read Notify
* E-Mail Spiders
o    1st E-mail Address Spider
o    Power E-mail Collector Tool
o    GEOSpider
o    Geowhere Footprinting Tool
o    Google Earth
o    Kartoo Search Engine
o    Dogpile (Meta Search Engine)
o    Tool: WebFerret
o    robots.txt
o    WTR - Web The Ripper
o    Website Watcher
* Steps to Create Fake Login Pages
* How to Create Fake Login Pages
* Faking Websites using Man-in-the-Middle Phishing Kit
* Benefits to Fraudster
* Steps to Perform Footprinting

Google Hacking

§  What is Google hacking
§  What a hacker can do with vulnerable site
§  Anonymity with Caches
§  Using Google as a Proxy Server
§  Directory Listings
o    Locating Directory Listings
o    Finding Specific Directories
o    Finding Specific Files
o    Server Versioning
§  Going Out on a Limb: Traversal Techniques
o    Directory Traversal
o    Incremental Substitution
o    Extension Walking
* Site Operator
* intitle:index.of
* error | warning
* login | logon
* username | userid | employee.ID | “your username is”
* password | passcode | “your password is”
* admin | administrator
o    admin login
* -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
* inurl:temp | inurl:tmp | inurl:backup | inurl:bak
* intranet | help.desk
* Locating Public Exploit Sites

o    Locating Exploits Via Common Code Strings

+ Searching for Exploit Code with Nonstandard Extensions
+ Locating Source Code with Common Strings
* Locating Vulnerable Targets

o    Locating Targets Via Demonstration Pages

+ “Powered by” Tags Are Common Query Fodder for Finding Web Applications

o    Locating Targets Via Source Code

+ Vulnerable Web Application Examples

o    Locating Targets Via CGI Scanning

+ A Single CGI Scan-Style Query
* Directory Listings

o    Finding IIS 5.0 Servers

* Web Server Software Error Messages

o    IIS HTTP/1.1 Error Page Titles

o    “Object Not Found” Error Message Used to Find IIS 5.0

o    Apache Web Server

+ Apache 2.0 Error Pages
* Application Software Error Messages

o    ASP Dumps Provide Dangerous Details

o    Many Errors Reveal Pathnames and Filenames

o    CGI Environment Listings Reveal Lots of Information

* Default Pages

o    A Typical Apache Default Web Page

o    Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP

o    Default Pages Query for Web Server

o    Outlook Web Access Default Portal

* Searching for Passwords

o    Windows Registry Entries Can Reveal Passwords

o    Usernames, Cleartext Passwords, and Hostnames!

* Google Hacking Database (GHDB)
* SiteDigger Tool
* Gooscan
* Goolink Scanner
* Goolag Scanner
* Tool: Google Hacks
* Google Hack Honeypot
* Google Protocol
* Google Cartography

Scanning

* Scanning: Definition
* Types of Scanning
* Objectives of Scanning
* CEH Scanning Methodology

o    Checking for live systems - ICMP Scanning

·         Angry IP

·         HPing2

·         Ping Sweep

·         Firewalk Tool

·         Firewalk Commands

·         Firewalk Output

·         Nmap

·         Nmap: Scan Methods

·         NMAP Scan Options

·         NMAP Output Format

·         TCP Communication Flags

·         Three Way Handshake

o    SYN Stealth/Half-Open Scan

o    Stealth Scan

o    Xmas Scan

o    FIN Scan

o    Null Scan

o    Idle Scan

o    ICMP Echo Scanning/List Scan

o    TCP Connect/Full Open Scan

o    FTP Bounce Scan

·         FTP Bounce Attack

o    SYN/FIN Scanning Using IP Fragments

o    UDP Scanning

o    Reverse Ident Scanning

o    RPC Scan

o    Window Scan

o    Blaster Scan

o    Portscan Plus, Strobe

o    IPSec Scan

o    Netscan Tools Pro

o    WUPS – UDP Scanner

o    Superscan

o    IPScanner

o    Global Network Inventory Scanner

o    Net Tools Suite Pack

o    Floppy Scan

o    FloppyScan Steps

o    E-mail Results of FloppyScan

o    Atelier Web Ports Traffic Analyzer (AWPTA)

o    Atelier Web Security Port Scanner (AWSPS)

o    IPEye

o    ike-scan

o    Infiltrator Network Security Scanner

o    YAPS: Yet Another Port Scanner

o    Advanced Port Scanner

o    NetworkActiv Scanner

o    NetGadgets

o    P-Ping Tools

o    MegaPing

o    LanSpy

o    HoverIP

o    LANView

o    NetBruteScanner

o    SolarWinds Engineer’s Toolset

o    AUTAPF

o    OstroSoft Internet Tools

o    Advanced IP Scanner

o    Active Network Monitor

o    Advanced Serial Data Logger

o    Advanced Serial Port Monitor

o    WotWeb

o    Antiy Ports

o    Port Detective

o    Roadkil’s Detector

o    Portable Storage Explorer

* War Dialer Technique

o    Why War Dialing

o    Wardialing

o    Phonesweep – War Dialing Tool

o    THC Scan

o    ToneLoc

o    ModemScan

o    War Dialing Countermeasures: Sandtrap Tool

* Banner Grabbing

o    OS Fingerprinting

·         Active Stack Fingerprinting

·         Passive Fingerprinting

o    Active Banner Grabbing Using Telnet

o    GET REQUESTS

o    P0f – Banner Grabbing Tool

o    p0f for Windows

o    Httprint Banner Grabbing Tool

o    Tool: Miart HTTP Header

o    Tools for Active Stack Fingerprinting

·         Xprobe2

·         Ringv2

·         Netcraft

o    Disabling or Changing Banner

o    IIS Lockdown Tool

o    Tool: ServerMask

o    Hiding File Extensions

o    Tool: PageXchanger

* Vulnerability Scanning

o    Bidiblah Automated Scanner

o    Qualys Web Based Scanner

o    SAINT

o    ISS Security Scanner

o    Nessus

o    GFI Languard

o    Security Administrator’s Tool for Analyzing Networks (SATAN)

o    Retina

o    Nagios

o    PacketTrap's pt360 Tool Suite

o    NIKTO

o    SAFEsuite Internet Scanner, IdentTCPScan

* Draw Network Diagrams of Vulnerable Hosts

o    Cheops

o    Friendly Pinger

o    LANsurveyor

o    Ipsonar

o    LANState

o    Insightix Visibility

o    IPCheck Server Monitor

o    PRTG Traffic Grapher

* Preparing Proxies

o    Proxy Servers

o    Free Proxy Servers

o    Use of Proxies for Attack

o    SocksChain

o    Proxy Workbench

o    Proxymanager Tool

o    Super Proxy Helper Tool

o    Happy Browser Tool (Proxy Based)

o    Multiproxy

o    Tor Proxy Chaining Software

o    Additional Proxy Tools

o    Anonymizers

·         Surfing Anonymously

·         Primedius Anonymizer

·         StealthSurfer

·         Anonymous Surfing: Browzar

·         Torpark Browser

·         GetAnonymous

·         IP Privacy

·         Anonymity 4 Proxy (A4Proxy)

·         Psiphon

·         Connectivity Using Psiphon

·         AnalogX Proxy

·         NetProxy

·         Proxy+

·         ProxySwitcher Lite

·         JAP

·         Proxomitron

o    Google Cookies

·         G-Zapper

o    SSL Proxy Tool

o    How to Run SSL Proxy

o    HTTP Tunneling Techniques

·         Why Do I Need HTTP Tunneling

·         Httptunnel for Windows

·         How to Run Httptunnel

·         HTTP-Tunnel

·         HTTPort

o    Spoofing IP Address

·         Spoofing IP Address Using Source Routing

·         Detection of IP Spoofing

·         Despoof Tool

* Scanning Countermeasures
* Tool: SentryPC

Enumeration

* Overview of System Hacking Cycle
* What is Enumeration?
* Techniques for Enumeration
* NetBIOS Null Sessions

o    So What's the Big Deal

o    DumpSec Tool

o    NetBIOS Enumeration Using Netview

·         Nbtstat Enumeration Tool

·         SuperScan

·         Enum Tool

o    Enumerating User Accounts

·         GetAcct

o    Null Session Countermeasure

* PS Tools

o    PsExec

o    PsFile

o    PsGetSid

o    PsKill

o    PsInfo

o    PsList

o    PsLogged On

o    PsLogList

o    PsPasswd

o    PsService

o    PsShutdown

o    PsSuspend

* Simple Network Management Protocol (SNMP) Enumeration

o    Management Information Base (MIB)

o    SNMPutil Example

o    SolarWinds

o    SNScan

o    Getif SNMP MIB Browser

o    UNIX Enumeration

o    SNMP UNIX Enumeration

o    SNMP Enumeration Countermeasures

o    LDAP enumeration

o    JXplorer

o    LdapMiner

o    Softerra LDAP Browser

o    NTP enumeration

o    SMTP enumeration

o    Smtpscan

o    Web enumeration

o    Asnumber

o    Lynx

* Winfingerprint

o    Windows Active Directory Attack Tool

o    How To Enumerate Web Application Directories in IIS Using DirectoryServices

* IP Tools Scanner
* Enumerate Systems Using Default Password

§  Tools:

o    NBTScan

o    NetViewX

o    FREENETENUMERATOR

o    Terminal Service Agent

o    TXNDS

o    Unicornscan

o    Amap

o    Netenum

* Steps to Perform Enumeration

System Hacking

* Part 1: Cracking Passwords

o    CEH Hacking Cycle

o    Password Types

o    Types of Password Attack

·         Passive Online Attack: Wire Sniffing

·         Passive Online Attack: Man-in-the-middle and replay attacks

·         Active Online Attack: Password Guessing

·         Offline Attacks

Ø  Brute force Attack

Ø  Pre-computed Hashes

Ø  Syllable Attack/Rule-based Attack/ Hybrid attacks

Ø  Distributed Network Attack

Ø  Rainbow Attack

·         Non-Technical Attacks

o    Default Password Database

§  http://www.defaultpassword.com/

§  http://www.cirt.net/cgi-bin/passwd.pl

§  http://www.virus.org/index.php?

o    PDF Password Cracker

o    Abcom PDF Password Cracker

o    Password Mitigation

o    Permanent Account Lockout-Employee Privilege Abuse

o    Administrator Password Guessing

·         Manual Password cracking Algorithm

·         Automatic Password Cracking Algorithm

o    Performing Automated Password Guessing

·         Tool: NAT

·         Smbbf (SMB Passive Brute Force Tool)

·         SmbCrack Tool: Legion

·         Hacking Tool: L0phtCrack

o    Microsoft Authentication

·         LM, NTLMv1, and NTLMv2

·         NTLM And LM Authentication On The Wire

·         Kerberos Authentication

·         What is LAN Manager Hash?

Ø  LM “Hash” Generation

Ø  LM Hash

·         Salting

·         PWdump2 and Pwdump3

·         Tool: Rainbowcrack

·         Hacking Tool: KerbCrack

·         Hacking Tool: NBTDeputy

·         NetBIOS DoS Attack

·         Hacking Tool: John the Ripper

o    Password Sniffing

o    How to Sniff SMB Credentials?

o    SMB Replay Attacks

o    Replay Attack Tool: SMBProxy

o    SMB Signing

o    Tool: LCP

o    Tool: SID&User

o    Tool: Ophcrack 2

o    Tool: Crack

o    Tool: Access PassView

o    Tool: Asterisk Logger

o    Tool: CHAOS Generator

o    Tool: Asterisk Key

o    Password Recovery Tool: MS Access Database Password Decoder

o    Password Cracking Countermeasures

o    Do Not Store LAN Manager Hash in SAM Database

o    LM Hash Backward Compatibility

o    How to Disable LM HASH

o    Password Brute-Force Estimate Tool

o    Syskey Utility

o    AccountAudit

* Part 2: Escalating Privileges

o    CEH Hacking Cycle

o    Privilege Escalation

o    Cracking NT/2000 passwords

o    Active@ Password Changer

·         Change Recovery Console Password - Method 1

·         Change Recovery Console Password - Method 2

o    Privilege Escalation Tool: x.exe

* Part 3: Executing Applications

o    CEH Hacking Cycle

o    Tool: psexec

o    Tool: remoexec

o    Ras N Map

o    Tool: Alchemy Remote Executor

o    Emsa FlexInfo Pro

o    Keystroke Loggers

o    E-mail Keylogger

o    Revealer Keylogger Pro

o    Handy Keylogger

o    Ardamax Keylogger

o    Powered Keylogger

o    Quick Keylogger

o    Spy-Keylogger

o    Perfect Keylogger

o    Invisible Keylogger

o    Actual Spy

o    SpyToctor FTP Keylogger

o    IKS Software Keylogger

o    Ghost Keylogger

o    Hacking Tool: Hardware Key Logger

o    What is Spyware?

o    Spyware: Spector

o    Remote Spy

o    Spy Tech Spy Agent

o    007 Spy Software

o    Spy Buddy

o    Ace Spy

o    Keystroke Spy

o    Activity Monitor

o    Hacking Tool: eBlaster

o    Stealth Voice Recorder

o    Stealth Keylogger

o    Stealth Website Logger

o    Digi Watcher Video Surveillance

o    Desktop Spy Screen Capture Program

o    Telephone Spy

o    Print Monitor Spy Tool

o    Stealth E-Mail Redirector

o    Spy Software: Wiretap Professional

o    Spy Software: FlexiSpy

o    PC PhoneHome

o    Keylogger Countermeasures

o    Anti Keylogger

o    Advanced Anti Keylogger

o    Privacy Keyboard

o    Spy Hunter - Spyware Remover

o    Spy Sweeper

o    Spyware Terminator

o    WinCleaner AntiSpyware

* Part 4: Hiding Files

o    CEH Hacking Cycle

o    Hiding Files

o    RootKits

·         Why rootkits

·         Hacking Tool: NT/2000 Rootkit

·         Planting the NT/2000 Rootkit

·         Rootkits in Linux

·         Detecting Rootkits

·         Steps for Detecting Rootkits

·         Rootkit Detection Tools

·         Sony Rootkit Case Study

·         Rootkit: Fu

·         AFX Rootkit

·         Rootkit: Nuclear

·         Rootkit: Vanquish

·         Rootkit Countermeasures

·         Patchfinder

·         RootkitRevealer

o    Creating Alternate Data Streams

o    How to Create NTFS Streams?

·         NTFS Stream Manipulation

·         NTFS Streams Countermeasures

·         NTFS Stream Detectors (ADS Spy and ADS Tools)

·         Hacking Tool: USB Dumper

o    What is Steganography?

·         Steganography Techniques

§  Least Significant Bit Insertion in Image Files

§  Process of Hiding Information in Image Files

§  Masking and Filtering in Image Files

§  Algorithms and Transformation

·         Tool: Merge Streams

·         Invisible Folders

·         Tool: Invisible Secrets

·         Tool: Image Hide

·         Tool: Stealth Files

·         Tool: Steganography

·         Masker Steganography Tool

·         Hermetic Stego

·         DCPP – Hide an Operating System

·         Tool: Camera/Shy

·         www.spammimic.com

·         Tool: Mp3Stego

·         Tool: Snow.exe

·         Steganography Tool: Fort Knox

·         Steganography Tool: Blindside

·         Steganography Tool: S-Tools

·         Steganography Tool: Steghide

·         Tool: Steganos

·         Steganography Tool: Pretty Good Envelope

·         Tool: Gifshuffle

·         Tool: JPHIDE and JPSEEK

·         Tool: wbStego

·         Tool: OutGuess

·         Tool: Data Stash

·         Tool: Hydan

·         Tool: Cloak

·         Tool: StegoNote

·         Tool: Stegomagic

·         Steganos Security Suite

·         C Steganography

·         Isosteg

·         FoxHole

·         Video Steganography

·         Case Study: Al-Qaida Members Distributing Propaganda to Volunteers Using Steganography

·         Steganalysis

·         Steganalysis Methods/Attacks on Steganography

·         Stegdetect

·         SIDS

·         High-Level View

·         Tool: dskprobe.exe

·         Stego Watch- Stego Detection Tool

·         StegSpy

* Part 5: Covering Tracks

o    CEH Hacking Cycle

o    Covering Tracks

o    Disabling Auditing

o    Clearing the Event Log

o    Tool: elsave.exe

o    Hacking Tool: Winzapper

o    Evidence Eliminator

o    Tool: Traceless

o    Tool: Tracks Eraser Pro

o    Armor Tools

o    Tool: ZeroTracks

o    PhatBooster

Trojans and Backdoors

* Effect on Business
* What is a Trojan?

o    Overt and Covert Channels

o    Working of Trojans

o    Different Types of Trojans

§  Remote Access Trojans

§  Data-Sending Trojans

§  Destructive Trojans

§  Denial-of-Service (DoS) Attack Trojans

§  Proxy Trojans

§  FTP Trojans

§  Security Software Disablers

o    What do Trojan Creators Look for?

o    Different Ways a Trojan can Get into a System

* Indications of a Trojan Attack
* Ports Used by Trojans

o    How to Determine which Ports are Listening

* Trojans

o    Trojan: iCmd

o    MoSucker Trojan

o    Proxy Server Trojan

o    SARS Trojan Notification

o    Wrappers

o    Wrapper Covert Program

o    Wrapping Tools

o    One Exe Maker / YAB / Pretator Wrappers

o    Packaging Tool: WordPad

o    RemoteByMail

o    Tool: Icon Plus

o    Defacing Application: Restorator

o    Tetris

o    HTTP Trojans

o    Trojan Attack through HTTP

o    HTTP Trojan (HTTP RAT)

o    Shttpd Trojan - HTTP Server

o    Reverse Connecting Trojans

o    Nuclear RAT Trojan (Reverse Connecting)

o    Tool: BadLuck Destructive Trojan

o    ICMP Tunneling

o    ICMP Backdoor Trojan

o    Microsoft Network Hacked by QAZ Trojan

o    Backdoor.Theef (AVP)

o    T2W (TrojanToWorm)

o    Biorante RAT

o    DownTroj

o    Turkojan

o    Trojan.Satellite-RAT

o    Yakoza

o    DarkLabel B4

o    Trojan.Hav-Rat

o    Poison Ivy

o    Rapid Hacker

o    SharK

o    HackerzRat

o    TYO

o    1337 Fun Trojan

o    Criminal Rat Beta

o    VicSpy

o    Optix PRO

o    ProAgent

o    OD Client

o    AceRat

o    Mhacker-PS

o    RubyRAT Public

o    SINner

o    ConsoleDevil

o    ZombieRat

o    FTP Trojan - TinyFTPD

o    VNC Trojan

o    Webcam Trojan

o    DJI RAT

o    Skiddie Rat

o    Biohazard RAT

o    Troya

o    ProRat

o    Dark Girl

o    DaCryptic

o    Net-Devil

* Classic Trojans Found in the Wild

o    Trojan: Tini

o    Trojan: NetBus

o    Trojan: Netcat

o    Netcat Client/Server

o    Netcat Commands

o    Trojan: Beast

o    Trojan: Phatbot

o    Trojan: Amitis

o    Trojan: Senna Spy

o    Trojan: QAZ

o    Trojan: Back Orifice

o    Trojan: Back Orifice 2000

o    Back Orifice Plug-ins

o    Trojan: SubSeven

o    Trojan: CyberSpy Telnet Trojan

o    Trojan: Subroot Telnet Trojan

o    Trojan: Let Me Rule! 2.0 BETA 9

o    Trojan: Donald Dick

o    Trojan: RECUB

* Hacking Tool: Loki
* Loki Countermeasures
* Atelier Web Remote Commander
* Trojan Horse Construction Kit
* How to Detect Trojans?

o    Netstat

o    fPort

o    TCPView

o    CurrPorts Tool

o    Process Viewer

o    Delete Suspicious Device Drivers

o    Check for Running Processes: What’s on My Computer

o    Super System Helper Tool

o    Inzider-Tracks Processes and Ports

o    Tool: What’s Running

o    MS Configuration Utility

o    Registry- What’s Running

o    Autoruns

o    Hijack This (System Checker)

o    Startup List

* Anti-Trojan Software

§  TrojanHunter

§  Comodo BOClean

§  Trojan Remover: XoftspySE

§  Trojan Remover: Spyware Doctor

§  SPYWAREfighter

* Evading Anti-Virus Techniques
* Sample Code for Trojan Client/Server
* Evading Anti-Trojan/Anti-Virus using Stealth Tools
* Backdoor Countermeasures
* Tripwire
* System File Verification
* MD5 Checksum.exe
* Microsoft Windows Defender
* How to Avoid a Trojan Infection

Viruses and Worms

* Virus History
* Characteristics of Virus
* Working of Virus

o    Infection Phase

o    Attack Phase

* Why people create Computer Viruses
* Symptoms of a Virus-like Attack
* Virus Hoaxes
* Chain Letters
* How is a Worm Different from a Virus
* Indications of a Virus Attack
* Hardware Threats
* Software Threats
* Virus Damage

o    Mode of Virus Infection

* Stages of Virus Life
* Virus Classification
* How Does a Virus Infect?
* Storage Patterns of Virus

o    System Sector virus

o    Stealth Virus

o    Bootable CD-Rom Virus

·         Self-Modification

·         Encryption with a Variable Key

o    Polymorphic Code

o    Metamorphic Virus

o    Cavity Virus

o    Sparse Infector Virus

o    Companion Virus

o    File Extension Virus

* Famous Virus/Worms – I Love You Virus
* Famous Virus/Worms – Melissa
* Famous Virus/Worms – JS/Spth
* Klez Virus Analysis
* Latest Viruses
* Top 10 Viruses- 2008

o    Virus: Win32.AutoRun.ah

o    Virus:W32/Virut

o    Virus:W32/Divvi

o    Worm.SymbOS.Lasco.a

o    Disk Killer

o    Bad Boy

o    HappyBox

o    Java.StrangeBrew

o    MonteCarlo Family

o    PHP.Neworld

o    W32/WBoy.a

o    ExeBug.d

o    W32/Voterai.worm.e

o    W32/Lecivio.worm

o    W32/Lurka.a

o    W32/Vora.worm!p2p

* Writing a Simple Virus Program
* Virus Construction Kits
* Virus Detection Methods
* Virus Incident Response
* What is Sheep Dip?
* Virus Analysis – IDA Pro Tool
* Prevention is better than Cure
* Anti-Virus Software

o    AVG Antivirus

o    Norton Antivirus

o    McAfee

o    SocketShield

o    BitDefender

o    ESET Nod32

o    CA Anti-Virus

o    F-Secure Anti-Virus

o    Kaspersky Anti-Virus

o    F-Prot Antivirus

o    Panda Antivirus Platinum

o    avast! Virus Cleaner

o    ClamWin

o    Norman Virus Control

* Popular Anti-Virus Packages
* Virus Databases

Sniffers

* Definition - Sniffing
* Protocols Vulnerable to Sniffing
* Tool: Network View – Scans the Network for Devices
* The Dude Sniffer
* Wireshark
* Display Filters in Wireshark
* Following the TCP Stream in Wireshark
* Cain and Abel
* Tcpdump
* Tcpdump Commands
* Types of Sniffing

o    Passive Sniffing

o    Active Sniffing

* What is ARP

o    ARP Spoofing Attack

o    How does ARP Spoofing Work

o    ARP Poisoning

o    MAC Duplicating

o    MAC Duplicating Attack

o    Tools for ARP Spoofing

·         Ettercap

·         ArpSpyX

o    MAC Flooding

·         Tools for MAC Flooding

Ø  Linux Tool: Macof

Ø  Windows Tool: Etherflood

o    Threats of ARP Poisoning

o    Irs-Arp Attack Tool

o    ARPWorks Tool

o    Tool: Nemesis

o    IP-based sniffing

* Linux Sniffing Tools (dsniff package)

o    Linux tool: Arpspoof

o    Linux Tool: Dnsspoof

o    Linux Tool: Dsniff

o    Linux Tool: Filesnarf

o    Linux Tool: Mailsnarf

o    Linux Tool: Msgsnarf

o    Linux Tool: Sshmitm

o    Linux Tool: Tcpkill

o    Linux Tool: Tcpnice

o    Linux Tool: Urlsnarf

o    Linux Tool: Webspy

o    Linux Tool: Webmitm

* DNS Poisoning Techniques

o    Intranet DNS Spoofing (Local Network)

o    Internet DNS Spoofing (Remote Network)

o    Proxy Server DNS Poisoning

o    DNS Cache Poisoning

* Interactive TCP Relay
* Interactive Replay Attacks
* Raw Sniffing Tools
* Features of Raw Sniffing Tools

o    HTTP Sniffer: EffeTech

o    Ace Password Sniffer

o    Win Sniffer

o    MSN Sniffer

o    SmartSniff

o    Session Capture Sniffer: NetWitness

o    Session Capture Sniffer: NWreader

o    Packet Crafter Craft Custom TCP/IP Packets

o    SMAC

o    NetSetMan Tool

o    Ntop

o    EtherApe

o    Network Probe

o    Maa Tec Network Analyzer

o    Tool: Snort

o    Tool: Windump

o    Tool: Etherpeek

o    NetIntercept

o    Colasoft EtherLook

o    AW Ports Traffic Analyzer

o    Colasoft Capsa Network Analyzer

o    CommView

o    Sniffem

o    NetResident

o    IP Sniffer

o    Sniphere

o    IE HTTP Analyzer

o    BillSniff

o    URL Snooper

o    EtherDetect Packet Sniffer

o    EffeTech HTTP Sniffer

o    AnalogX Packetmon

o    Colasoft MSN Monitor

o    IPgrab

o    EtherScan Analyzer

* How to Detect Sniffing
* Countermeasures

o    Antisniff Tool

o    Arpwatch Tool

o    PromiScan

o    proDETECT

Social Engineering

* What is Social Engineering?
* Human Weakness
* “Rebecca” and “Jessica”
* Office Workers
* Types of Social Engineering

o    Human-Based Social Engineering

·         Technical Support Example

·         More Social Engineering Examples

·         Human-Based Social Engineering: Eavesdropping

·         Human-Based Social Engineering: Shoulder Surfing

·         Human-Based Social Engineering: Dumpster Diving

·         Dumpster Diving Example

·         Oracle Snoops Microsoft’s Trash Bins

·         Movies to Watch for Reverse Engineering

o    Computer Based Social Engineering

o    Insider Attack

o    Disgruntled Employee

o    Preventing Insider Threat

o    Common Targets of Social Engineering

§  Social Engineering Threats

o    Online

o    Telephone

o    Personal approaches

o    Defenses Against Social Engineering Threats

§  Factors that make Companies Vulnerable to Attacks

§  Why is Social Engineering Effective

§  Warning Signs of an Attack

§  Tool: Netcraft Anti-Phishing Toolbar

§  Phases in a Social Engineering Attack

§  Behaviors Vulnerable to Attacks

§  Impact on the Organization

§  Countermeasures

§  Policies and Procedures

§  Security Policies - Checklist

§  Impersonating Orkut, Facebook, MySpace

§  Orkut

§  Impersonating on Orkut

§  MW.Orc worm

§  Facebook

§  Impersonating on Facebook

§  MySpace

§  Impersonating on MySpace

§  How to Steal Identity

§  Comparison

§  Original

§  Identity Theft

§  http://www.consumer.gov/idtheft/

Phishing

§  Phishing

§  Introduction

§  Reasons for Successful Phishing

§  Phishing Methods

§  Process of Phishing

§  Types of Phishing Attacks

o    Man-in-the-Middle Attacks

o    URL Obfuscation Attacks

o    Cross-site Scripting Attacks

o    Hidden Attacks

o    Client-side Vulnerabilities

o    Deceptive Phishing

o    Malware-Based Phishing

o    DNS-Based Phishing

o    Content-Injection Phishing

o    Search Engine Phishing

§  Phishing Statistics: Feb 2008

§  Anti-Phishing

§  Anti-Phishing Tools

o    PhishTank SiteChecker

o    NetCraft

o    GFI MailEssentials

o    SpoofGuard

o    Phishing Sweeper Enterprise

o    TrustWatch Toolbar

o    ThreatFire

o    GralicWrap

o    Spyware Doctor

o    Track Zapper Spyware-Adware Remover

o    AdwareInspector

o    Email-Tag.com

Hacking Email Accounts

* Ways for Getting Email Account Information
* Stealing Cookies
* Social Engineering
* Password Phishing
* Fraudulent e-mail Messages
* Vulnerabilities
o    Web Email
o    Reaper Exploit
* Tool: Advanced Stealth Email Redirector
* Tool: Mail PassView
* Tool: Email Password Recovery Master
* Tool: Mail Password
* Email Finder Pro
* Email Spider Easy
* Kernel Hotmail MSN Password Recovery
* Retrieve Forgotten Yahoo Password
* MegaHackerZ
* Hack Passwords
* Creating Strong Passwords
* Creating Strong Passwords: Change Password
* Creating Strong Passwords: Trouble Signing In
* Sign-in Seal
* Alternate Email Address
* Keep Me Signed In/ Remember Me
* Tool: Email Protector
* Tool: Email Security
* Tool: EmailSanitizer
* Tool: Email Protector
* Tool: SuperSecret

Denial-of-Service

* Real World Scenario of DoS Attacks
* What are Denial-of-Service Attacks
* Goal of DoS
* Impact and the Modes of Attack
* Types of Attacks
* DoS Attack Classification

o    Smurf Attack

o    Buffer Overflow Attack

o    Ping of Death Attack

o    Teardrop Attack

o    SYN Attack

o    SYN Flooding

o    DoS Attack Tools

o    DoS Tool: Jolt2

o    DoS Tool: Bubonic.c

o    DoS Tool: Land and LaTierra

o    DoS Tool: Targa

o    DoS Tool: Blast

o    DoS Tool: Nemesy

o    DoS Tool: Panther2

o    DoS Tool: Crazy Pinger

o    DoS Tool: SomeTrouble

o    DoS Tool: UDP Flood

o    DoS Tool: FSMax

* Bot (Derived from the Word RoBOT)
* Botnets
* Uses of Botnets
* Types of Bots
* How Do They Infect? Analysis Of Agabot
* How Do They Infect
* Tool: Nuclear Bot
* What is DDoS Attack
* Characteristics of DDoS Attacks
* DDOS Unstoppable
* Agent Handler Model
* DDoS IRC based Model
* DDoS Attack Taxonomy
* Amplification Attack
* Reflective DNS Attacks
* Reflective DNS Attacks Tool: ihateperl.pl
* DDoS Tools

o    DDoS Tool: Trinoo

o    DDoS Tool: Tribal Flood Network

o    DDoS Tool: TFN2K

o    DDoS Tool: Stacheldraht

o    DDoS Tool: Shaft

o    DDoS Tool: Trinity

o    DDoS Tool: Knight and Kaiten

o    DDoS Tool: Mstream

* Worms
* Slammer Worm
* Spread of Slammer Worm – 30 min
* MyDoom.B
* SCO Against MyDoom Worm
* How to Conduct a DDoS Attack
* The Reflected DoS Attacks
* Reflection of the Exploit
* Countermeasures for Reflected DoS
* DDoS Countermeasures
* Taxonomy of DDoS Countermeasures
* Preventing Secondary Victims
* Detect and Neutralize Handlers
* Detect Potential Attacks
* DoSHTTP Tool
* Mitigate or Stop the Effects of DDoS Attacks
* Deflect Attacks
* Post-attack Forensics
* Packet Traceback

Session Hijacking

* What is Session Hijacking?
* Spoofing vs. Hijacking
* Steps in Session Hijacking
* Types of Session Hijacking
* Session Hijacking Levels
* Network Level Hijacking
* The 3-Way Handshake
* TCP Concepts 3-Way Handshake
* Sequence Numbers
* Sequence Number Prediction
* TCP/IP hijacking
* IP Spoofing: Source Routed Packets
* RST Hijacking

o    RST Hijacking Tool: hijack_rst.sh

* Blind Hijacking
* Man in the Middle: Packet Sniffer
* UDP Hijacking
* Application Level Hijacking
* Programs that Perform Session Hijacking

o    Juggernaut

o    Hunt

o    TTY-Watcher

o    IP watcher

o    Session Hijacking Tool: T-Sight

o    Remote TCP Session Reset Utility (SOLARWINDS)

o    Paros HTTP Session Hijacking Tool

o    Dnshijacker Tool

o    Hjksuite Tool

* Dangers that Hijacking Poses
* Protecting against Session Hijacking
* Countermeasures: IPSec

Hacking Web Servers

* How Web Servers Work
* How are Web Servers Compromised
* Web Server Defacement

o    How are Servers Defaced

* Apache Vulnerability
* Attacks against IIS

o    IIS Components

o    IIS Directory Traversal (Unicode) Attack

* Unicode

o    Unicode Directory Traversal Vulnerability

* Hacking Tool

o    Hacking Tool: IISxploit.exe

o    Msw3prt IPP Vulnerability

o    RPC DCOM Vulnerability

o    ASP Trojan

o    IIS Logs

o    Network Tool: Log Analyzer

o    Hacking Tool: CleanIISLog

o    IIS Security Tool: Server Mask

o    ServerMask ip100

o    Tool: CacheRight

o    Tool: CustomError

o    Tool: HttpZip

o    Tool: LinkDeny

o    Tool: ServerDefender AI

o    Tool: ZipEnable

o    Tool: w3compiler

o    Yersinia

* Tool: Metasploit Framework
* Tool: Immunity CANVAS Professional
* Tool: Core Impact
* Tool: MPack
* Tool: Neosploit
* Hotfixes and Patches
* What is Patch Management
* Patch Management Checklist

o    Solution: UpdateExpert

o    Patch Management Tool: qfecheck

o    Patch Management Tool: HFNetChk

o    cacls.exe utility

o    Shavlik NetChk Protect

o    Kaseya Patch Management

o    IBM Tivoli Configuration Manager

o    LANDesk Patch Manager

o    BMC Patch Manager

o    ConfigureSoft Enterprise Configuration Manager (ECM)

o    BladeLogic Configuration Manager

o    Opsware Server Automation System (SAS)

o    Best Practices for Patch Management

* Vulnerability Scanners
* Online Vulnerability Search Engine
* Network Tool: Whisker
* Network Tool: N-Stealth HTTP Vulnerability Scanner
* Hacking Tool: WebInspect
* Network Tool: Shadow Security Scanner
* Secure IIS

o    ServersCheck Monitoring

o    GFI Network Server Monitor

o    Servers Alive

o    Webserver Stress Tool

o    Monitoring Tool: Secunia PSI

* Countermeasures
* Increasing Web Server Security
* Web Server Protection Checklist

Web Application Vulnerabilities

* Web Application Setup
* Web Application Hacking
* Anatomy of an Attack
* Web Application Threats
* Cross-Site Scripting/XSS Flaws

o    An Example of XSS

o    Countermeasures

* SQL Injection
* Command Injection Flaws

o    Countermeasures

* Cookie/Session Poisoning

o    Countermeasures

* Parameter/Form Tampering
* Hidden Field at
* Buffer Overflow

o    Countermeasures

* Directory Traversal/Forceful Browsing

o    Countermeasures

* Cryptographic Interception
* Cookie Snooping
* Authentication Hijacking

o    Countermeasures

* Log Tampering
* Error Message Interception
* Attack Obfuscation
* Platform Exploits
* DMZ Protocol Attacks

o    Countermeasures

* Security Management Exploits

o    Web Services Attacks

o    Zero-Day Attacks

o    Network Access Attacks

* TCP Fragmentation
* Hacking Tools

o    Instant Source

o    Wget

o    WebSleuth

o    BlackWidow

o    SiteScope Tool

o    WSDigger Tool – Web Services Testing Tool

o    CookieDigger Tool

o    SSLDigger Tool

o    SiteDigger Tool

o    WindowBomb

o    Burp: Positioning Payloads

o    Burp: Configuring Payloads and Content Enumeration

o    Burp: Password Guessing

o    Burp Proxy

o    Burpsuite

o    Hacking Tool: cURL

o    dotDefender

o    Acunetix Web Scanner

o    AppScan – Web Application Scanner

o    AccessDiver

o    Tool: Falcove Web Vulnerability Scanner

o    Tool: NetBrute

o    Tool: Emsa Web Monitor

o    Tool: KeepNI

o    Tool: Parosproxy

o    Tool: WebScarab

o    Tool: Watchfire AppScan

o    Tool: WebWatchBot

o    Tool: Mapper


Web-Based Password Cracking Techniques

* Authentication - Definition
* Authentication Mechanisms

o    HTTP Authentication

·         Basic Authentication

·         Digest Authentication

o    Integrated Windows (NTLM) Authentication

o    Negotiate Authentication

o    Certificate-based Authentication

o    Forms-based Authentication

o    RSA SecurID Token

o    Biometrics Authentication

·         Types of Biometrics Authentication

Ø  Fingerprint-based Identification

Ø  Hand Geometry-based Identification

Ø  Retina Scanning

Ø  Afghan Woman Recognized After 17 Years

Ø  Face Recognition

Ø  Face Code: WebCam Based Biometrics Authentication System

* Bill Gates at the RSA Conference 2006
* How to Select a Good Password
* Things to Avoid in Passwords
* Changing Your Password
* Protecting Your Password
* Examples of Bad Passwords
* The “Mary Had A Little Lamb” Formula
* How Hackers Get Hold of Passwords
* Windows XP: Remove Saved Passwords
* What is a Password Cracker
* Modus Operandi of an Attacker Using a Password Cracker
* How Does a Password Cracker Work
* Attacks - Classification

o    Password Guessing

o    Query String

o    Cookies

o    Dictionary Maker

* Password Crackers Available

o    L0phtCrack (LC4)

o    John the Ripper

o    Brutus

o    ObiWaN

o    Authforce

o    Hydra

o    Cain & Abel

o    RAR

o    Gammaprog

o    WebCracker

o    Munga Bunga

o    PassList

o    SnadBoy

o    MessenPass

o    Wireless WEP Key Password Spy

o    RockXP

o    Password Spectator Pro

o    Passwordstate

o    Atomic Mailbox Password Cracker

o    Advanced Mailbox Password Recovery (AMBPR)

o    Tool: Network Password Recovery

o    Tool: Mail PassView

o    Tool: Messenger Key

o    Tool: SniffPass

o    WebPassword

o    Password Administrator

o    Password Safe

o    Easy Web Password

o    PassReminder

o    My Password Manager

* Countermeasures


SQL Injection

* What is SQL Injection
* Exploiting Web Applications
* Steps for performing SQL injection
* What You Should Look For
* What If It Doesn’t Take Input
* OLE DB Errors
* Input Validation Attack
* SQL injection Techniques
* How to Test for SQL Injection Vulnerability
* How Does It Work
* BadLogin.aspx.cs
* BadProductList.aspx.cs
* Executing Operating System Commands
* Getting Output of SQL Query
* Getting Data from the Database Using ODBC Error Message
* How to Mine all Column Names of a Table
* How to Retrieve any Data
* How to Update/Insert Data into Database
* SQL Injection in Oracle
* SQL Injection in MySQL Database
* Attacking Against SQL Servers
* SQL Server Resolution Service (SSRS)
* Osql -L Probing
* SQL Injection Automated Tools
* Automated SQL Injection Tool: AutoMagic SQL
* Absinthe Automated SQL Injection Tool

o    Hacking Tool: SQLDict

o    Hacking Tool: SQLExec

o    SQL Server Password Auditing Tool: sqlbf

o    Hacking Tool: SQLSmack

o    Hacking Tool: SQL2.exe

o    sqlmap

o    sqlninja

o    SQLIer

o    Automagic SQL Injector

o    Absinthe

* Blind SQL Injection

o    Blind SQL Injection: Countermeasure

o    Blind SQL Injection Schema

* SQL Injection Countermeasures
* Preventing SQL Injection Attacks
* GoodLogin.aspx.cs
* SQL Injection Blocking Tool: SQL Block
* Acunetix Web Vulnerability Scanner

Hacking Wireless Networks

§  Introduction to Wireless

o    Introduction to Wireless Networking

o    Wired Network vs. Wireless Network

o    Effects of Wireless Attacks on Business

o    Types of Wireless Network

o    Advantages and Disadvantages of a Wireless Network

§  Wireless Standards

o    Wireless Standard: 802.11a

o    Wireless Standard: 802.11b – “WiFi”

o    Wireless Standard: 802.11g

o    Wireless Standard: 802.11i

o    Wireless Standard: 802.11n

§  Wireless Concepts and Devices

o    Related Technology and Carrier Networks

o    Antennas

o    Cantenna – www.cantenna.com

o    Wireless Access Points

o    SSID

o    Beacon Frames

o    Is the SSID a Secret

o    Setting up a WLAN

o    Authentication and Association

o    Authentication Modes

o    The 802.1X Authentication Process

§  WEP and WPA

o    Wired Equivalent Privacy (WEP)

o    WEP Issues

o    WEP - Authentication Phase

o    WEP - Shared Key Authentication

o    WEP - Association Phase

o    WEP Flaws

o    What is WPA

o    WPA Vulnerabilities

o    WEP, WPA, and WPA2

o    WPA2 Wi-Fi Protected Access 2

§  Attacks and Hacking Tools

o    Terminologies

o    WarChalking

o    Authentication and (Dis) Association Attacks

o    WEP Attack

o    Cracking WEP

o    Weak Keys (a.k.a. Weak IVs)

o    Problems with WEP’s Key Stream and Reuse

o    Automated WEP Crackers

o    Pad-Collection Attacks

o    XOR Encryption

o    Stream Cipher

o    WEP Tool: Aircrack

o    Aircrack-ng

o    WEP Tool: AirSnort

o    WEP Tool: WEPCrack

o    WEP Tool: WepLab

o    Attacking WPA Encrypted Networks

o    Attacking WEP with WEPCrack on Windows Using Cygwin

o    Attacking WEP with WEPCrack on Windows Using the Perl Interpreter

o    Tool: Wepdecrypt

o    WPA-PSK Cracking Tool: CowPatty

o    802.11 Specific Vulnerabilities

o    Evil Twin: Attack

o    Rogue Access Points

o    Tools to Generate Rogue Access Points: Fake AP

o    Tools to Detect Rogue Access Points: NetStumbler

o    Tools to Detect Rogue Access Points: MiniStumbler

o    ClassicStumbler

o    AirFart

o    AP Radar

o    Hotspotter

o    Cloaked Access Point

o    WarDriving Tool: shtumble

o    Temporal Key Integrity Protocol (TKIP)

o    LEAP: The Lightweight Extensible Authentication Protocol

o    LEAP Attacks

o    LEAP Attack Tool: ASLEAP

o    Working of ASLEAP

o    MAC Sniffing and AP Spoofing

o    Defeating MAC Address Filtering in Windows

o    Manually Changing the MAC Address in Windows XP and 2000

o    Tool to Detect MAC Address Spoofing: Wellenreiter

o    Man-in-the-Middle Attack (MITM)

o    Denial-of-Service Attacks

o    DoS Attack Tool: Fatajack

o    Hijacking and Modifying a Wireless Network

o    Phone Jammers

o    Phone Jammer: Mobile Blocker

o    Pocket Cellular Style Cell Phone Jammer

o    2.4 GHz Wi-Fi & Wireless Camera Jammer

o    3 Watt Digital Cell Phone Jammer

o    3 Watt Quad Band Digital Cellular Mobile Phone Jammer

o    20W Quad Band Digital Cellular Mobile Phone Jammer

o    40W Digital Cellular Mobile Phone Jammer

o    Detecting a Wireless Network

§  Scanning Tools

o    Scanning Tool: Kismet

o    Scanning Tool: Prismstumbler

o    Scanning Tool: MacStumbler

o    Scanning Tool: Mognet V1.16

o    Scanning Tool: WaveStumbler

o    Scanning Tool: Netchaser V1.0 for Palm Tops

o    Scanning Tool: AP Scanner

o    Scanning Tool: Wavemon

o    Scanning Tool: Wireless Security Auditor (WSA)

o    Scanning Tool: AirTraf

o    Scanning Tool: WiFi Finder

o    Scanning Tool: WifiScanner

o    eEye Retina WiFi

o    Simple Wireless Scanner

o    wlanScanner

§  Sniffing Tools

o    Sniffing Tool: AiroPeek

o    Sniffing Tool: NAI Wireless Sniffer

o    MAC Sniffing Tool: Wireshark

o    Sniffing Tool: vxSniffer

o    Sniffing Tool: Etherpeg

o    Sniffing Tool: Driftnet

o    Sniffing Tool: AirMagnet

o    Sniffing Tool: WinDump

o    Sniffing Tool: Ssidsniff

o    Multiuse Tool: THC-RUT

o    Tool: WinPcap

o    Tool: AirPcap

o    AirPcap: Example Program from the Developer's Pack

o    Microsoft Network Monitor

§  Hacking Wireless Networks

o    Steps for Hacking Wireless Networks

o    Step 1: Find Networks to Attack

o    Step 2: Choose the Network to Attack

o    Step 3: Analyzing the Network

o    Step 4: Cracking the WEP Key

o    Step 5: Sniffing the Network

§  Wireless Security

o    WIDZ: Wireless Intrusion Detection System

o    Radius: Used as Additional Layer in Security

o    Securing Wireless Networks

o    Wireless Network Security Checklist

o    WLAN Security: Passphrase

o    Don’ts in Wireless Security

§  Wireless Security Tools

o    WLAN Diagnostic Tool: CommView for WiFi PPC

o    WLAN Diagnostic Tool: AirMagnet Handheld Analyzer

o    Auditing Tool: BSD-Airtools

o    AirDefense Guard (www.AirDefense.com)

o    Google Secure Access

o    Tool: RogueScanner

Physical Security

* Security Facts
* Understanding Physical Security
* Physical Security
* What Is the Need for Physical Security
* Who Is Accountable for Physical Security
* Factors Affecting Physical Security
* Physical Security Checklist

o    Physical Security Checklist -Company surroundings

o    Gates

o    Security Guards

o    Physical Security Checklist: Premises

o    CCTV Cameras

o    Reception

o    Server Room

o    Workstation Area

o    Wireless Access Point

o    Other Equipment

o    Access Control

·         Biometric Devices

·         Biometric Identification Techniques

·         Authentication Mechanisms

·         Authentication Mechanism Challenges: Biometrics

·         Faking Fingerprints

·         Smart cards

·         Security Token

·         Computer Equipment Maintenance

·         Wiretapping

·         Remote Access

·         Lapse of Physical Security

·         Locks

Ø  Lock Picking

Ø  Lock Picking Tools

* Information Security
* EPS (Electronic Physical Security)
* Wireless Security
* Laptop Theft Statistics for 2007
* Statistics for Stolen and Recovered Laptops
* Laptop Theft
* Laptop theft: Data Under Loss
* Laptop Security Tools
* Laptop Tracker - XTool Computer Tracker
* Tools to Locate Stolen Laptops
* Stop's Unique, Tamper-proof Patented Plate
* Tool: TrueCrypt
* Laptop Security Countermeasures
* Mantrap
* TEMPEST
* Challenges in Ensuring Physical Security
* Spyware Technologies
* Spying Devices
* Physical Security: Lock Down USB Ports
* Tool: DeviceLock
* Blocking the Use of USB Storage Devices
* Track Stick GPS Tracking Device

Linux Hacking

§  Why Linux

§  Linux Distributions

§  Linux Live CD-ROMs

§  Basic Commands of Linux: Files & Directories

§  Linux Basic

o    Linux File Structure

o    Linux Networking Commands

* Directories in Linux
* Installing, Configuring, and Compiling Linux Kernel
* How to Install a Kernel Patch
* Compiling Programs in Linux
* GCC Commands
* Make Files
* Make Install Command
* Linux Vulnerabilities
* Chrooting
* Why is Linux Hacked
* How to Apply Patches to Vulnerable Programs
* Scanning Networks
* Nmap in Linux
* Scanning Tool: Nessus
* Port Scan Detection Tools
* Password Cracking in Linux: Xcrack
* Firewall in Linux: IPTables
* IPTables Command
* Basic Linux Operating System Defense
* SARA (Security Auditor's Research Assistant)
* Linux Tool: Netcat
* Linux Tool: tcpdump
* Linux Tool: Snort
* Linux Tool: SAINT
* Linux Tool: Wireshark
* Linux Tool: Abacus Port Sentry
* Linux Tool: DSniff Collection
* Linux Tool: Hping2
* Linux Tool: Sniffit
* Linux Tool: Nemesis
* Linux Tool: LSOF
* Linux Tool: IPTraf
* Linux Tool: LIDS
* Hacking Tool: Hunt
* Tool: TCP Wrappers
* Linux Loadable Kernel Modules
* Hacking Tool: Linux Rootkits
* Rootkits: Knark & Torn
* Rootkits: Tuxit, Adore, Ramen
* Rootkit: Beastkit
* Rootkit Countermeasures
* ‘chkrootkit’ detects the following Rootkits
* Linux Tools: Application Security
* Advanced Intrusion Detection Environment (AIDE)
* Linux Tools: Security Testing Tools
* Linux Tools: Encryption
* Linux Tools: Log and Traffic Monitors
* Linux Security Auditing Tool (LSAT)
* Linux Security Countermeasures
* Steps for Hardening Linux

Evading IDS, Firewalls and Detecting Honey Pots

§  Introduction to Intrusion Detection System

§  Terminologies

§  Intrusion Detection System (IDS)

o    IDS Placement

o    Ways to Detect an Intrusion

o    Types of Intrusion Detection Systems

o    System Integrity Verifiers (SIVs)

o    Tripwire

o    Cisco Security Agent (CSA)

o    True/False, Positive/Negative

o    Signature Analysis

o    General Indication of Intrusion: System Indications

o    General Indication of Intrusion: File System Indications

o    General Indication of Intrusion: Network Indications

o    Intrusion Detection Tools

·         Snort

·         Running Snort on Windows 2003

·         Snort Console

·         Testing Snort

·         Configuring Snort (snort.conf)

·         Snort Rules

·         Set up Snort to Log to the Event Logs and to Run as a Service

·         Using EventTriggers.exe for Eventlog Notifications

·         SnortSam

o    Steps to Perform after an IDS detects an attack

o    Evading IDS Systems

·         Ways to Evade IDS

·         Tools to Evade IDS

§   IDS Evading Tool: ADMutate

§   Packet Generators

§  What is a Firewall?

o    What Does a Firewall Do

o    Packet Filtering

o    What can’t a firewall do

o    How does a Firewall work

o    Firewall Operations

o    Hardware Firewall

o    Software Firewall

o    Types of Firewall

·         Packet Filtering Firewall

·         IP Packet Filtering Firewall

·         Circuit-Level Gateway

·         TCP Packet Filtering Firewall

·         Application Level Firewall

·         Application Packet Filtering Firewall

·         Stateful Multilayer Inspection Firewall

o    Packet Filtering Firewall

o    Firewall Identification

o    Firewalking

o    Banner Grabbing

o    Breaching Firewalls

o    Bypassing a Firewall using HTTPTunnel

o    Placing Backdoors through Firewalls

o    Hiding Behind a Covert Channel: LOKI

o    Tool: NCovert

o    ACK Tunneling

o    Tools to breach firewalls

§  Common Tools for Testing Firewalls and IDS

o    IDS testing tool: IDS Informer

o    IDS Testing Tool: Evasion Gateway

o    IDS Tool: Event Monitoring Enabling Responses to Anomalous Live Disturbances (Emerald)

o    IDS Tool: BlackICE

o    IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)

o    IDS Tool: SecureHost

o    IDS Tool: Snare

o    IDS Testing Tool: Traffic IQ Professional

o    IDS Testing Tool: TCPOpera

o    IDS testing tool: Firewall Informer

o    Atelier Web Firewall Tester

§  What is a Honeypot?

o    The Honeynet Project

o    Types of Honeypots

§  Low-interaction honeypot

§  Medium-interaction honeypot

§  High-interaction honeypot

o    Advantages and Disadvantages of a Honeypot

o    Where to place Honeypots

o    Honeypots

·         Honeypot-SPECTER

·         Honeypot - honeyd

·         Honeypot – KFSensor

·         Sebek

o    Physical and Virtual Honeypots

§  Tools to Detect Honeypots

§  What to do when hacked

Module 24: Buffer Overflows

* Why are Programs/Applications Vulnerable
* Buffer Overflows
* Reasons for Buffer Overflow Attacks
* Knowledge Required to Program Buffer Overflow Exploits
* Understanding Stacks
* Understanding Heaps
* Types of Buffer Overflows: Stack-based Buffer Overflow

o    A Simple Uncontrolled Overflow of the Stack

o    Stack Based Buffer Overflows

* Types of Buffer Overflows: Heap-based Buffer Overflow

o    Heap Memory Buffer Overflow Bug

o    Heap-based Buffer Overflow

* Understanding Assembly Language

o    Shellcode

* How to Detect Buffer Overflows in a Program

o    Attacking a Real Program

§  NOPs

§  How to Mutate a Buffer Overflow Exploit

§  Once the Stack is Smashed

* Defense Against Buffer Overflows

o    Tool to Defend Buffer Overflow: Return Address Defender (RAD)

o    Tool to Defend Buffer Overflow: StackGuard

o    Tool to Defend Buffer Overflow: Immunix System

o    Vulnerability Search: NIST

o    Valgrind

o    Insure++

* Buffer Overflow Protection Solution: Libsafe

o    Comparing Functions of libc and Libsafe

* Simple Buffer Overflow in C

o    Code Analysis

Module 25: Cryptography

§  Introduction to Cryptography

§  Classical Cryptographic Techniques

o    Encryption

o    Decryption

§  Cryptographic Algorithms

§  RSA (Rivest Shamir Adleman)

o    Example of RSA Algorithm

o    RSA Attacks

o    RSA Challenge

§  Data Encryption Standard (DES)

o    DES Overview

§  RC4, RC5, RC6, Blowfish

o    RC5

§  Message Digest Functions

o    One-way Hash Functions

o    MD5

§  SHA (Secure Hash Algorithm)

§  SSL (Secure Sockets Layer)

§  What is SSH?

o    SSH (Secure Shell)

§  Algorithms and Security

§  Disk Encryption

§  Government Access to Keys (GAK)

§  Digital Signature

o    Components of a Digital Signature

o    Method of Digital Signature Technology

o    Digital Signature Applications

o    Digital Signature Standard

o    Digital Signature Algorithm: Signature Generation/Verification

o    Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme

o    Challenges and Opportunities

§  Digital Certificates

o    Cleversafe Grid Builder http://www.cleversafe.com/

§  PGP (Pretty Good Privacy)

§  CypherCalc

§  Command Line Scriptor

§  CryptoHeaven

§  Hacking Tool: PGP Crack

§  Magic Lantern

§  Advanced File Encryptor

* Encryption Engine
* Encrypt Files
* Encrypt PDF
* Encrypt Easy
* Encrypt my Folder
* Advanced HTML Encrypt and Password Protect
* Encrypt HTML source
* Alive File Encryption
* Omziff
* ABC CHAOS
* EncryptOnClick
* CryptoForge
* SafeCryptor
* CrypTool
* Microsoft Cryptography Tools
* Polar Crypto Light
* CryptoSafe
* Crypt Edit
* CrypSecure
* Cryptlib
* Crypto++ Library

§  Code Breaking: Methodologies

§  Cryptanalysis

§  Cryptography Attacks

§  Brute-Force Attack

§  Cracking S/MIME Encryption Using Idle CPU Time

§  distributed.net

§  Use Of Cryptography

Module 26: Penetration Testing

§  Introduction to Penetration Testing (PT)

§  Categories of security assessments

§  Vulnerability Assessment

§  Limitations of Vulnerability Assessment

§  Penetration Testing

§  Types of Penetration Testing

§  Risk Management

§  Do-It-Yourself Testing

§  Outsourcing Penetration Testing Services

§  Terms of Engagement

§  Project Scope

§  Pentest Service Level Agreements

§  Testing points

§  Testing Locations

§  Automated Testing

§  Manual Testing

§  Using DNS Domain Name and IP Address Information

§  Enumerating Information about Hosts on Publicly Available Networks

§  Testing Network-filtering Devices

§  Enumerating Devices

§  Denial-of-Service Emulation

§  Pentest using Appscan

§  HackerShield

§  Pen-Test Using Cerberus Internet Scanner

§  Pen-Test Using Cybercop Scanner

§  Pen-Test Using FoundScan Hardware Appliances

§  Pen-Test Using Nessus

§  Pen-Test Using NetRecon

§  Pen-Test Using SAINT

§  Pen-Test Using SecureNet Pro

§  Pen-Test Using SecureScan

§  Pen-Test Using SATAN, SARA and Security Analyzer

§  Pen-Test Using STAT Analyzer

§  Pentest Using VigilENT

§  Pentest Using WebInspect

§  Pentest Using CredDigger

§  Pentest Using Nsauditor

§  Evaluating Different Types of Pen-Test Tools

§  Asset Audit

§  Fault Tree and Attack Trees

§  GAP Analysis

§  Threat

§  Business Impact of Threat

§  Internal Metrics Threat

§  External Metrics Threat

§  Calculating Relative Criticality

§  Test Dependencies

§  Defect Tracking Tools: Bug Tracker Server

§  Disk Replication Tools

§  DNS Zone Transfer Testing Tools

§  Network Auditing Tools

§  Trace Route Tools and Services

§  Network Sniffing Tools

§  Denial of Service Emulation Tools

§  Traditional Load Testing Tools

§  System Software Assessment Tools

§  Operating System Protection Tools

§  Fingerprinting Tools

§  Port Scanning Tools

§  Directory and File Access Control Tools

§  File Share Scanning Tools

§  Password Directories

§  Password Guessing Tools

§  Link Checking Tools

§  Web-Testing Based Scripting tools

§  Buffer Overflow protection Tools

§  File Encryption Tools

§  Database Assessment Tools

§  Keyboard Logging and Screen Recording Tools

§  System Event Logging and Reviewing Tools

§  Tripwire and Checksum Tools

§  Mobile-code Scanning Tools

§  Centralized Security Monitoring Tools

§  Web Log Analysis Tools

§  Forensic Data and Collection Tools

§  Security Assessment Tools

§  Multiple OS Management Tools

§  Phases of Penetration Testing

§  Pre-attack Phase

§  Best Practices

§  Results that can be Expected

§  Passive Reconnaissance

§  Active Reconnaissance

§  Attack Phase

o    Activity: Perimeter Testing

o    Activity: Web Application Testing

o    Activity: Wireless Testing

o    Activity: Acquiring Target

o    Activity: Escalating Privileges

o    Activity: Execute, Implant and Retract

§  Post Attack Phase and Activities

§  Penetration Testing Deliverables Templates

Module 27: Covert Hacking

§  Insider Attacks

§  What is a Covert Channel?

§  Security Breach

§  Why Do You Want to Use Covert Channel?

§  Motivation of a Firewall Bypass

§  Covert Channels Scope

§  Covert Channel: Attack Techniques

§  Simple Covert Attacks

§  Advanced Covert Attacks

§  Standard Direct Connection

§  Reverse Shell (Reverse Telnet)

§  Direct Attack Example

§  Indirect Attack Example

§  Reverse Connecting Agents

§  Covert Channel Attack Tools

o    Netcat

o    DNS Tunneling

o    Covert Channel Using DNS Tunneling

o    DNS Tunnel Client

o    DNS Tunneling Countermeasures

o    Covert Channel Using SSH

o    Covert Channel using SSH (Advanced)

o    HTTP/S Tunneling Attack

§  Covert Channel Hacking Tool: Active Port Forwarder

§  Covert Channel Hacking Tool: CCTT

§  Covert Channel Hacking Tool: Firepass

§  Covert Channel Hacking Tool: MsnShell

§  Covert Channel Hacking Tool: Web Shell

§  Covert Channel Hacking Tool: NCovert

o    Ncovert - How it works

§  Covert Channel Hacking via Spam E-mail Messages

§  Hydan

Module 28: Writing Virus Codes

§  Introduction to Viruses

§  Types of Viruses

§  Symptoms of a Virus Attack

§  Prerequisites for Writing Viruses

§  Required Tools and Utilities

§  Virus Infection Flow Chart

o    Virus Infection: Step I

·         Directory Traversal Method

·         Example Directory Traversal Function

·         “dot dot” Method

·         Example Code for a “dot dot” Method

o    Virus Infection: Step II

o    Virus Infection: Step III

·         Marking a File for Infection

o    Virus Infection: Step IV

o    Virus Infection: Step V

§  Components of Viruses

o    Functioning of the Replicator Part

o    Writing Replicator

o    Writing Concealer

o    Dispatcher

o    Writing Bomb/Payload

·         Trigger Mechanism

·         Bombs/Payloads

·         Brute Force Logic Bombs

§  Testing Virus Codes

§  Tips for Better Virus Writing

Module 29: Assembly Language Tutorial

* Base 10 System
* Base 2 System
* Decimal 0 to 15 in Binary
* Binary Addition (C stands for Carry)
* Hexadecimal Number
* Hex Example
* Hex Conversion
* nibble
* Computer memory
* Characters Coding
* ASCII and UNICODE
* CPU
* Machine Language
* Compilers
* Clock Cycle
* Original Registers
* Instruction Pointer
* Pentium Processor
* Interrupts
* Interrupt handler
* External interrupts and Internal interrupts
* Handlers
* Machine Language
* Assembly Language
* Assembler
* Assembly Language vs. High-level Language
* Assembly Language Compilers
* Instruction operands
* MOV instruction
* ADD instruction
* SUB instruction
* INC and DEC instructions
* Directive
* preprocessor
* equ directive
* %define directive
* Data directives
* Labels
* Input and output
* C Interface
* Call
* Creating a Program
* Why should anyone learn assembly at all?

o    First.asm

* Assembling the code
* Compiling the C code
* Linking the object files
* Understanding an assembly listing file
* Big and Little Endian Representation
* Skeleton File
* Working with Integers
* Signed integers
* Signed Magnitude
* Two’s Complement
* If statements
* Do while loops
* Indirect addressing
* Subprogram
* The Stack
* The SS segment
* ESP
* The Stack Usage
* The CALL and RET Instructions
* General subprogram form
* Local variables on the stack
* General subprogram form with local variables
* Multi-module program
* Saving registers
* Labels of functions
* Calculating addresses of local variables

Module 30: Exploit Writing

* Exploits Overview
* Prerequisites for Writing Exploits and Shellcodes
* Purpose of Exploit Writing
* Types of Exploits
* Stack Overflow
* Heap Corruption

o    Format String

o    Integer Bug Exploits

o    Race Condition

o    TCP/IP Attack

* The Proof-of-Concept and Commercial Grade Exploit
* Converting a Proof of Concept Exploit to Commercial Grade Exploit
* Attack Methodologies
* Socket Binding Exploits
* Tools for Exploit Writing

o    LibExploit

o    Metasploit

o    CANVAS

* Steps for Writing an Exploit
* Differences Between Windows and Linux Exploits
* Shellcodes
* NULL Byte
* Types of Shellcodes
* Tools Used for Shellcode Development

o    NASM

o    GDB

o    objdump

o    ktrace

o    strace

o    readelf

* Steps for Writing a Shellcode
* Issues Involved With Shellcode Writing

o    Addressing problem

o    Null byte problem

o    System call implementation

Module 31: Smashing the Stack for Fun and Profit

* What is a Buffer?
* Static vs. Dynamic Variables
* Stack Buffers
* Data Region
* Memory Process Regions
* What Is A Stack?
* Why Do We Use A Stack?
* The Stack Region
* Stack frame
* Stack pointer
* Procedure Call (Procedure Prolog)
* Compiling the code to assembly
* Call Statement
* Return Address (RET)
* Word Size
* Stack
* Buffer Overflows
* Error
* Why do we get a segmentation violation?
* Segmentation Error
* Instruction Jump
* Guess Key Parameters
* Calculation
* Shell Code

o    The code to spawn a shell in C

* Let's try to understand what is going on here. We'll start by studying main:
* execve()

o    execve() system call

* exit.c

o    List of steps with exit call

* The code in Assembly
* JMP
* Code using indexed addressing
* Offset calculation
* shellcodeasm.c
* testsc.c
* Compile the code
* NULL byte
* shellcodeasm2.c
* testsc2.c
* Writing an Exploit
* overflow1.c
* Compiling the code
* sp.c
* vulnerable.c
* NOPs

o    Using NOPs

o    Estimating the Location



Module 32: Windows Based Buffer Overflow Exploit Writing

* Buffer Overflow
* Stack overflow
* Writing Windows Based Exploits
* Exploiting stack based buffer overflow
* OpenDataSource Buffer Overflow Vulnerability Details
* Simple Proof of Concept
* Windbg.exe
* Analysis
* EIP Register

o    Location of EIP

o    EIP

* Execution Flow
* But where can we jump to?
* Offset Address
* The Query
* Finding jmp esp
* Debug.exe
* listdlls.exe
* Msvcrt.dll
* Out.sql
* The payload
* ESP
* Limited Space
* Getting Windows API/function absolute address
* Memory Address
* Other Addresses
* Compile the program
* Final Code

Module 33: Reverse Engineering

§  Positive Applications of Reverse Engineering

§  Ethical Reverse Engineering

§  World War Case Study

§  DMCA Act

§  What is a Disassembler?

§  Why do you need to decompile?

§  Professional Disassembler Tools

§  Tool: IDA Pro

§  Convert Machine Code to Assembly Code

§  Decompilers

§  Program Obfuscation

§  Convert Assembly Code to C++ code

§  Machine Decompilers

§  Tool: dcc

§  Machine Code of compute.exe Program

§  Assembly Code of compute.exe Program

§  Code Produced by the dcc Decompiler in C

§  Tool: Boomerang

§  What Can Boomerang Do?

§  Andromeda Decompiler

§  Tool: REC Decompiler

§  Tool: EXE To C Decompiler

§  Delphi Decompilers

§  Tools for Decompiling .NET Applications

§  Salamander .NET Decompiler

§  Tool: LSW DotNet-Reflection-Browser

§  Tool: Reflector

§  Tool: Spices NET.Decompiler

§  Tool: Decompilers.NET

§  .NET Obfuscator and .NET Obfuscation

§  Java Bytecode Decompilers

§  Tool: JODE Java Decompiler

§  Tool: JREVERSEPRO

§  Tool: SourceAgain

§  Tool: ClassCracker

§  Python Decompilers

§  Reverse Engineering Tutorial

§  OllyDbg Debugger

§  How Does OllyDbg Work?

§  Debugging a Simple Console Application

Module 34: Mac OS X Hacking

* Introduction to Mac OS
* Vulnerabilities in Mac OS X

o    Crafted URL Vulnerability

o    CoreText Uninitialized Pointer Vulnerability

o    ImageIO Integer overflow Vulnerability

o    DirectoryService Vulnerability

o    iChat UPnP buffer overflow Vulnerability

o    ImageIO Memory Corruption Vulnerability

o    Code Execution Vulnerability

o    UFS filesystem integer overflow Vulnerability

o    Kernel "fpathconf()" System Call Vulnerability

o    UserNotificationCenter Privilege Escalation Vulnerability

o    Other Vulnerabilities in Mac OS X

* How a Malformed Installer Package Can Crack Mac OS X
* Worms and Viruses on Mac OS X

o    OSX/Leap-A

o    Inqtana.A

o    Macro Viruses

* Antivirus for Mac OS X

o    VirusBarrier

o    McAfee Virex for Macintosh

o    Endpoint Security and Control

o    Norton Internet Security

* Mac Security Tools

o    MacScan

o    ClamXav

o    IPNetsentryx

o    FileGuard

* Countermeasures

Module 35: Hacking Routers, Cable Modems and Firewalls

* Network Devices
* Identifying a Router
o SING: Tool for Identifying the Router
* HTTP Configuration Arbitrary Administrative Access Vulnerability
* ADMsnmp
* Solarwinds MIB Browser
* Brute-Forcing Login Services
* Hydra
* Analyzing the Router Config
* Cracking the Enable Password
* Tool: Cain and Abel
* Implications of a Router Attack
* Types of Router Attacks
* Router Attack Topology
* Denial of Service (DoS) Attacks
* Packet “Mistreating” Attacks
* Routing Table Poisoning
* Hit-and-run Attacks vs. Persistent Attacks
* Cisco Router

o    Finding a Cisco Router

o    How to Get into a Cisco Router

o    Breaking the Password

o    Is Anyone Here

o    Covering Tracks

o    Looking Around

* Eigrp-tool
* Tool: Zebra
* Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
* Tool: Cisco Torch
* Monitoring SMTP (Port 25) Using SLcheck
* Monitoring HTTP (Port 80)
* Cable Modem Hacking

o    OneStep: ZUP

* www.bypassfirewalls.net
* Waldo Beta 0.7 (b)
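
Added example, not from the course: the "Analyzing the Router Config" and "Cracking the Enable Password" items above, as a Python script run over a saved IOS configuration. Type 7 strings (what service password-encryption produces) are XOR obfuscation with a published key, so they are decoded directly; type 5 (enable secret) is salted MD5-crypt and is only recoverable by offline cracking; cleartext passwords, SNMP community strings and Telnet on the vty lines are flagged as well. The configuration below is constructed, and the $1$ value in it is a placeholder shaped like an MD5-crypt hash, not a real digest.

```python
import re

# XOR key behind IOS "service password-encryption" (type 7); it is public, which is why type 7 is reversible.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def decode_type7(enc):
    """Type 7: two decimal digits give the key offset, the rest is hex of plaintext XOR rolling key."""
    if len(enc) < 4 or len(enc) % 2 or not enc[:2].isdigit():
        raise ValueError("not a type 7 string: %r" % enc)
    seed, data = int(enc[:2]), bytes.fromhex(enc[2:])
    return bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data)).decode("latin-1")

def encode_type7(plain, seed=8):
    """Inverse of decode_type7; handy to confirm the decoder against a known pair."""
    raw = plain.encode("latin-1")
    obf = bytes(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, c in enumerate(raw))
    return "%02d%s" % (seed, obf.hex().upper())

PASSWORD_RE = re.compile(
    r"^\s*(enable (?:password|secret)|username \S+(?: privilege \d+)? (?:password|secret)|password)"
    r"\s+(?:(\d)\s+)?(\S+)\s*$")
SNMP_RE = re.compile(r"^\s*snmp-server community (\S+)(?:\s+(RO|RW))?", re.I)
TELNET_RE = re.compile(r"^\s*transport input\b.*\b(telnet|all)\b", re.I)

def analyze_config(text):
    """Walk a show-run style config and return findings in line order."""
    findings = []
    for ln, line in enumerate(text.splitlines(), 1):
        m = PASSWORD_RE.match(line)
        if m:
            what, ptype, value = m.group(1), m.group(2) or "0", m.group(3)
            if ptype == "7":
                issue, detail = "type7", "%s: reversible, recovered '%s'" % (what, decode_type7(value))
            elif ptype == "0":
                issue, detail = "cleartext", "%s: stored in clear: '%s'" % (what, value)
            elif ptype == "5":
                issue, detail = "md5-crypt", "%s: salted MD5, crack offline (hashcat -m 500)" % what
            else:
                issue, detail = "other", "%s: type %s not handled here" % (what, ptype)
            findings.append(dict(line=ln, issue=issue, detail=detail))
            continue
        m = SNMP_RE.match(line)
        if m:
            community, mode = m.group(1), (m.group(2) or "RO").upper()
            findings.append(dict(line=ln, issue="snmp-" + mode.lower(),
                                 detail="community '%s' (%s)" % (community, mode)))
        elif TELNET_RE.match(line):
            findings.append(dict(line=ln, issue="telnet", detail="cleartext management allowed on this line"))
    return findings

# Constructed sample config; the $1$ value is a placeholder, not a real MD5-crypt digest.
SAMPLE_CONFIG = """\
hostname edge-rtr
enable secret 5 $1$abcd$placeholderplaceholder
enable password 7 0822455D0A16
username admin privilege 15 password 7 0822455D0A16
username backup password 0 Backup123
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 password 7 0822455D0A16
 transport input telnet ssh
"""

if __name__ == "__main__":
    for f in analyze_config(SAMPLE_CONFIG):
        print("line %2d  %-10s %s" % (f["line"], f["issue"], f["detail"]))
```

Type 7 protects only against shoulder surfing, so an enable password 7 line is as good as cleartext once the config leaks through TFTP, SNMP or a backup share; the fix is enable secret plus SSH-only vty lines and non-default, read-only community strings (or SNMPv3). The type 5 hash still has to be cracked, which is where the dictionary tools listed in this module come in.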

Module 36: Hacking Mobile Phones, PDA and Handheld Devices

* Different OS in Mobile Phone
* Different OS Structure in Mobile Phone
* Evolution of Mobile Threat
* Threats
* What Can A Hacker Do
* Vulnerabilities in Different Mobile Phones
* Malware
* Spyware

o    Spyware: SymbOS/Htool-SMSSender.A.intd

o    Spyware: SymbOS/MultiDropper.CG

o    Best Practices against Malware

* Blackberry

o    Blackberry Attacks

o    Blackberry Attacks: Blackjacking

o    BlackBerry Wireless Security

o    BlackBerry Signing Authority Tool

o    Countermeasures

* PDA

o    PDA Security Issues

o    ActiveSync attacks

o    HotSync Attack

o    PDA Virus: Brador

o    PDA Security Tools: TigerSuite PDA

o    Security Policies for PDAs

* iPod

o    Misuse of iPod

o    Jailbreaking

o    Tools for jailbreaking: iFuntastic

o    Prerequisite for iPhone Hacking

o    Step by Step iPhone Hacking using iFuntastic

o    Step by step iPhone Hacking

o    AppSnapp

·         Steps for AppSnapp

o    Tool to Unlock iPhone: iPhoneSimFree

o    Tool to Unlock iPhone: anySIM

o    Steps for Unlocking your iPhone using AnySIM

o    Activate the Voicemail Button on your Unlocked iPhone

o    Podloso Virus

o    Security tool: Icon Lock-iT XP

* Mobile: Is It a Breach to Enterprise Security?

o    Threats to Organizations Due to Mobile Devices

o    Security Actions by Organizations

* Viruses

o    Skulls

o    Duts

o    Doomboot.A: Trojan

* Antivirus

o    Kaspersky Antivirus Mobile

o    Airscanner

o    BitDefender Mobile Security

o    SMobile VirusGuard

o    Symantec AntiVirus

o    F-Secure Antivirus for Palm OS

o    BullGuard Mobile Antivirus

* Security Tools

o    Sprite Terminator

o    Mobile Security Tools: Virus Scan Mobile

* Defending Cell Phones and PDAs Against Attack
* Mobile Phone Security Tips

Module 37: Bluetooth Hacking

* Bluetooth Introduction
* Security Issues in Bluetooth
* Security Attacks in Bluetooth Devices

o    Bluejacking

o    Tools for Bluejacking

o    BlueSpam

o    Bluesnarfing

o    BlueBug Attack

o    Short Pairing Code Attacks

o    Man-in-the-Middle Attacks

o    Online PIN Cracking Attack

o    BTKeylogging attack

o    BTVoiceBugging attack

o    Blueprinting

o    Bluesmacking - The Ping of Death

o    Denial-of-Service Attack

o    BlueDump Attack

* Bluetooth hacking tools

o    BTScanner

o    Bluesnarfer

o    Bluediving

o    Transient Bluetooth Environment Auditor

o    BTcrack

o    Blooover

o    Hidattack

* Bluetooth Viruses and Worms

o    Cabir

o    Mabir

o    Lasco

* Bluetooth Security tools

o    BlueWatch

o    BlueSweep

o    Bluekey

o    BlueFire Mobile Security Enterprise Edition

o    BlueAuditor

o    Bluetooth Network Scanner

* Countermeasures

Module 38: VoIP Hacking

* What is VoIP
* VoIP Hacking Steps
* Footprinting

o    Information Sources

o    Unearthing Information

o    Organizational Structure and Corporate Locations

o    Help Desk

o    Job Listings

o    Phone Numbers and Extensions

o    VoIP Vendors

o    Resumes

o    WHOIS and DNS Analysis

o    Steps to Perform Footprinting

* Scanning

o    Host/Device Discovery

o    ICMP Ping Sweeps

o    ARP Pings

o    TCP Ping Scans

o    SNMP Sweeps

o    Port Scanning and Service Discovery

o    TCP SYN Scan

o    UDP Scan

o    Host/Device Identification

* Enumeration

o    Steps to Perform Enumeration

o    Banner Grabbing with Netcat

o    SIP User/Extension Enumeration

+ REGISTER Username Enumeration
+ INVITE Username Enumeration
+ OPTIONS Username Enumeration
+ Automated OPTIONS Scanning with sipsak
+ Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP server
+ Automated OPTIONS Scanning Using SIPSCAN against SIP Phones

o    Enumerating TFTP Servers

o    SNMP Enumeration

o    Enumerating VxWorks VoIP Devices

* Steps to Exploit the Network

o    Denial-of-Service (DoS)

o    Distributed Denial-of-Service (DDoS) Attack

o    Internal Denial-of-Service Attack

o    DoS Attack Scenarios

o    Eavesdropping

o    Packet Spoofing and Masquerading

o    Replay Attack

o    Call Redirection and Hijacking

o    ARP Spoofing

o    ARP Spoofing Attack

o    Service Interception

o    H.323-Specific Attacks

o    SIP Security Vulnerabilities

o    SIP Attacks

o    Flooding Attacks

o    DNS Cache Poisoning

o    Sniffing TFTP Configuration File Transfers

o    Performing Number Harvesting and Call Pattern Tracking

o    Call Eavesdropping

o    Interception through VoIP Signaling Manipulation

o    Man-In-The-Middle (MITM) Attack

o    Application-Level Interception Techniques

+ How to Insert Rogue Application
+ SIP Rogue Application
+ Listening to/Recording Calls
+ Replacing/Mixing Audio
+ Dropping Calls with a Rogue SIP Proxy
+ Randomly Redirect Calls with a Rogue SIP Proxy
+ Additional Attacks with a Rogue SIP Proxy

o    What is Fuzzing

+ Why Fuzzing
+ Commercial VoIP Fuzzing tools

o    Signaling and Media Manipulation

+ Registration Removal with erase_registrations Tool
+ Registration Addition with add_registrations Tool

o    VoIP Phishing

* Covering Tracks
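
Added example, not from the course: the REGISTER, INVITE and OPTIONS username enumeration listed under Enumeration above, as a Python script that builds each request and classifies the registrar's reply. The response-to-verdict rules encode the behaviour that made this technique work against common registrars (a different error for an unknown user than for a known one); treat them as an assumption to verify against the target. The sample replies are constructed; probe() sends a real request over UDP and is the only part that touches the network.

```python
import random
import socket
import string

def _token(n):
    return "".join(random.choice(string.ascii_lowercase + string.digits) for _ in range(n))

def build_request(method, ext, target, source, src_port=5060):
    """One RFC 3261-shaped request aimed at extension `ext` on `target`.
    OPTIONS asks for capabilities, REGISTER tries to bind the address-of-record,
    INVITE starts a call; each tends to get a different reply for known vs unknown users."""
    call_id, tag, branch = _token(16), _token(8), "z9hG4bK" + _token(12)
    lines = [
        "%s sip:%s@%s SIP/2.0" % (method, ext, target),
        "Via: SIP/2.0/UDP %s:%d;branch=%s;rport" % (source, src_port, branch),
        "Max-Forwards: 70",
        'From: "%s" <sip:%s@%s>;tag=%s' % (ext, ext, target, tag),
        "To: <sip:%s@%s>" % (ext, target),
        "Call-ID: %s@%s" % (call_id, source),
        "CSeq: 1 %s" % method,
        "Contact: <sip:%s@%s:%d>" % (ext, source, src_port),
        "User-Agent: ext-enum/0.1",
        "Content-Length: 0",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"

def parse_status(response):
    """(code, reason) from the status line, or None if this is not a SIP response."""
    parts = response.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/2.0") or not parts[1].isdigit():
        return None
    return int(parts[1]), parts[2] if len(parts) > 2 else ""

def classify(method, response):
    """'exists' / 'absent' / 'unknown' for one reply. Assumption: the registrar answers an
    unknown user differently from a known one (classic Asterisk: OPTIONS 200 vs 404,
    REGISTER 401 vs 403, INVITE 401/1xx vs 404); verify the rules against the target."""
    status = parse_status(response)
    if status is None:
        return "unknown"
    code = status[0]
    if method == "OPTIONS":
        return {200: "exists", 404: "absent"}.get(code, "unknown")
    if method in ("REGISTER", "INVITE"):
        if code in (401, 407):
            return "exists"           # challenged for credentials: the account is known
        if code in (403, 404):
            return "absent"           # refused outright or not found
        if method == "INVITE" and 100 <= code < 300:
            return "exists"           # call is ringing or was answered
    return "unknown"

def enumerate_extensions(method, responses):
    """responses maps extension -> raw reply; returns the extensions judged to exist."""
    return sorted(ext for ext, reply in responses.items() if classify(method, reply) == "exists")

def probe(method, ext, target, port=5060, timeout=2.0):
    """Send one request over UDP and return the raw reply ('' on timeout). Only this
    function touches the network; everything above works on captured text."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((target, port))
        src_ip, src_port = s.getsockname()
        s.send(build_request(method, ext, target, src_ip, src_port).encode())
        try:
            return s.recv(65535).decode(errors="replace")
        except socket.timeout:
            return ""

# Constructed replies to an OPTIONS sweep of four extensions (headers trimmed).
SAMPLE_OPTIONS_REPLIES = {
    "100": "SIP/2.0 200 OK\r\nCSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n",
    "101": "SIP/2.0 404 Not Found\r\nCSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n",
    "102": "SIP/2.0 200 OK\r\nCSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n",
    "999": "SIP/2.0 404 Not Found\r\nCSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    print("live extensions:", enumerate_extensions("OPTIONS", SAMPLE_OPTIONS_REPLIES))
```

The leak is the differing status code, so the countermeasure is to make the registrar answer identically whether or not the user exists (Asterisk exposes this as alwaysauthreject=yes), to rate-limit unauthenticated requests per source, and to alert on a burst of REGISTER or OPTIONS requests that walk through sequential extensions.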

Module 39: RFID Hacking

§  RFID- Definition

§  Components of RFID Systems

§  RFID Collisions

* RFID Risks

o    Business Process Risk

o    Business Intelligence Risk

o    Privacy Risk

o    Externality Risk

+ Hazards of Electromagnetic Radiation
+ Computer Network Attacks

§  RFID and Privacy Issues

§  Countermeasures

§  RFID Security and Privacy Threats

o    Sniffing

o    Tracking

o    Spoofing

o    Replay attacks

o    Denial-of-service

§  Protection Against RFID Attacks

§  RFID Guardian

§  RFID Malware

o    How to Write an RFID Virus

o    How to Write an RFID Worm

o    Defending Against RFID Malware

§  RFID Exploits

§  Vulnerabilities in RFID-enabled Credit Cards

o    Skimming Attack

o    Replay Attack

o    Eavesdropping Attack

§  RFID Hacking Tool: RFDump

§  RFID Security Controls

o    Management Controls

o    Operational Controls

o    Technical Controls

§  RFID Security

Module 40: Spamming

* Introduction
* Techniques used by Spammers
* How Spamming is Performed
* Spammer: Statistics
* Worst ISPs: Statistics
* Top Spam-Affected Countries: Statistics
* Types of Spam Attacks
* Spamming Tools

o    Farelogic Worldcast

o    123 Hidden Sender

o    YL Mail Man

o    Sendblaster

o    Direct Sender

o    Hotmailer

o    PackPal Bulk Email Server

o    IEmailer

* Anti-Spam Techniques
* Anti-Spamming Tools

o    AEVITA Stop SPAM Email

o    SpamExperts Desktop

o    SpamEater Pro

o    SpamWeasel

o    Spytech SpamAgent

o    AntispamSniper

o    Spam Reader

o    SpamAssassin Proxy (SA Proxy)

o    MailWasher Free

o    Spam Bully

* Countermeasures

Module 41: Hacking USB Devices

§  Introduction to USB Devices

§  Electrical Attack

§  Software Attack

§  USB Attack on Windows

§  Viruses and Worms

o    W32/Madang-Fam

o    W32/Hasnot-A

o    W32/Fujacks-AK

o    W32/Fujacks-E

o    W32/Dzan-C

o    W32/SillyFD-AA

o    W32/SillyFDC-BK

o    W32/LiarVB-A

o    W32/Hairy-A

o    W32/QQRob-ADN

o    W32/VBAut-B

o    HTTP W32.Drom

§  Hacking Tools

o    USB Dumper

o    USB Switchblade

o    USB Hacksaw

§  USB Security Tools

o    MyUSBonly

o    USBDeview

o    USB-Blocker

o    USB CopyNotify

o    Remora USB File Guard

o    Advanced USB Pro Monitor

o    Folder Password Expert USB

o    USBlyzer

o    USB PC Lock Pro

o    Torpark

o    Virus Chaser USB

§  Countermeasures

Module 42: Hacking Database Servers

* Hacking Database Server: Introduction
* Hacking Oracle Database Server

o    Attacking Oracle

o    Security Issues in Oracle

o    Types of Database Attacks

o    How to Break into an Oracle Database and Gain DBA Privileges

o    Oracle Worm: Voyager Beta

o    Ten Hacker Tricks to Exploit SQL Server Systems

* Hacking SQL Server

o    How SQL Server is Hacked

o    Query Analyzer

o    odbcping Utility

o    Tool: ASPRunner Professional

o    Tool: FlexTracer

* Security Tools
* SQL Server Security Best Practices: Administrator Checklist
* SQL Server Security Best Practices: Developer Checklist

Module 43: Cyber Warfare: Hacking, Al-Qaeda and Terrorism

§  Cyber Terrorism over the Internet

§  Cyber-Warfare Attacks

§  45 Muslim Doctors Planned US Terror Raids

§  Net Attack

§  Al-Qaeda

§  Why Terrorists Use Cyber Techniques

§  Cyber Support to Terrorist Operations

§  Planning

§  Recruitment

§  Research

§  Propaganda

§  Propaganda: Hizballah Website

§  Cyber Threat to the Military

§  Russia ‘hired botnets’ for Estonia Cyber-War

§  NATO Threatens War with Russia

§  Bush on Cyber War: ‘a subject I can learn a lot about’

§  E.U. Urged to Launch Coordinated Effort Against Cybercrime

§  Budget: Eye on Cyber-Terrorism Attacks

§  Cyber Terror Threat is Growing, Says Reid

§  Terror Web 2.0

§  Table 1: How Websites Support Objectives of terrorist/Extremist Groups

§  Electronic Jihad

§  'Electronic Jihad' App Offers Cyber Terrorism for the Masses

§  Cyber Jihad – Cyber Firesale

§  http://internet-haganah.com/haganah/

Module 44: Internet Content Filtering Techniques

* Introduction to Internet Filters
o Key Features of Internet Filters
o Pros and Cons of Internet Filters
* Internet Content Filtering Tools
o iProtectYou
o Tool: Block Porn
o Tool: FilterGate
o Tool: Adblock
o Tool: AdSubtract
o Tool: GalaxySpy
o Tool: AdsGone Pop Up Killer
o Tool: Anti-PopUp
o Tool: Pop Up Police
o Tool: Super Ad Blocker
o Tool: Anti-AD Guard
o Net Nanny
o CyberSieve
o BSafe Internet Filter
o Tool: Stop-the-Pop-Up Lite
o Tool: WebCleaner
o Tool: AdCleaner
o Tool: Adult Photo Blanker
o Tool: LiveMark Family
o Tool: KDT Site Blocker
o Internet Safety Guidelines for Children

Module 45: Privacy on the Internet

* Internet privacy
* Proxy privacy
* Spyware privacy
* Email privacy
* Cookies
* Examining Information in Cookies
* How Internet Cookies Work
* How Google Stores Personal Information
* Google Privacy Policy
* Web Browsers
* Web Bugs
* Downloading Freeware
* Internet Relay Chat
* Pros and Cons of Internet Relay Chat
* Electronic Commerce
* Internet Privacy Tools: Anonymizers
o Anonymizer Anonymous Surfing
o Anonymizer Total Net Shield
o Anonymizer Nyms
o Anonymizer Anti-Spyware
o Anonymizer Digital Shredder Lite
o Steganos Internet Anonym
o Invisible IP Map
o NetConceal Anonymity Shield
o Anonymous Guest
o ViewShield
o IP Hider
o Mask Surf Standard
o VIP Anonymity
o SmartHide
o Anonymity Gateway
o Hide My IP
o Claros Anonymity
o Max Internet Optimizer
o Hotspot Shield
o Anonymous Browsing Toolbar
o Invisible Browsing
o Real Time Cleaner
o Anonymous Web Surfing
o Anonymous Friend
o Easy Hide IP

§  Internet Privacy Tools: Firewall Tools

o Agnitum firewall
o Firestarter
o Sunbelt Personal Firewall
o Netdefender

§  Internet Privacy Tools: Others

o Privacy Eraser
o CookieCop
o Cookiepal
o Historykill
o Tracks eraser
* Best Practices
o Protecting Search Privacy
o Tips for Internet Privacy
* Countermeasures

Module 46: Securing Laptop Computers

* Statistics for Stolen and Recovered Laptops
* Statistics on Security
* Percentage of Organizations Following the Security Measures
* Laptop threats
* Laptop Theft
* Fingerprint Reader
* Protecting Laptops Through Face Recognition
* Bluetooth in Laptops
* Tools

o    Laptop Security

o    Laptop Security Tools

o    Laptop Alarm

o    Flexysafe

o    Master Lock

o    eToken

o    STOP-Lock

o    TrueCrypt

o    PAL PC Tracker

o    Cryptex

o    Dekart Private Disk Multifactor

o    Laptop Anti-Theft

o    Inspice Trace

o    ZTRACE GOLD

o    SecureTrieve Pro

o    XTool Laptop Tracker

o    XTool Encrypted Disk

o    XTool Asset Auditor

o    XTool Remote Delete

§  Securing Against Physical Laptop Theft

§  Hardware Security for Laptops

§  Protecting the Sensitive Data

§  Preventing Laptop Communications from Wireless Threats

§  Preventing Stolen Laptops from Being Used

§  Security Tips

Module 47: Spying Technologies

§  Spying

§  Motives of Spying

§  Spying Devices

o    Spying Using Cams

o    Video Spy

o    Video Spy Devices

o    Tiny Spy Video Cams

o    Underwater Video Camera

o    Camera Spy Devices

o    Goggle Spy

o    Watch Spy

o    Pen Spy

o    Binoculars Spy

o    Toy Spy

o    Spy Helicopter

o    Wireless Spy Camera

o    Spy Kit

o    Spy Scope: Spy Telescope and Microscope

o    Spy Eye Side Telescope

o    Audio Spy Devices

o    Eavesdropper Listening Device

o    GPS Devices

o    Spy Detectors

o    Spy Detector Devices

§  Vendors Hosting Spy Devices

o    Spy Gadgets

o    Spy Tools Directory

o    Amazon.com

o    Spy Associates

o    Paramountzone

o    Surveillance Protection

§  Spying Tools

o    Net Spy Pro: Computer Network Monitoring and Protection

o    SpyBoss Pro

o    CyberSpy

o    Spytech SpyAgent

o    ID Computer Spy

o    e-Surveiller

o    KGB Spy Software

o    O&K Work Spy

o    WebCam Spy

o    Golden Eye

§  Anti-Spying Tools

o    Internet Spy Filter

o    Spybot - S&D

o    SpyCop

o    Spyware Terminator

o    XoftSpySE

Module 48: Corporate Espionage: Hacking Using Insiders

* Introduction To Corporate Espionage
* Information Corporate Spies Seek
* Insider Threat
* Different Categories of Insider Threat
* Privileged Access
* Driving Force behind Insider Attack
* Common Attacks carried out by Insiders
* Techniques Used for Corporate Espionage
* Process of Hacking
* Former Forbes Employee Pleads Guilty
* Former Employees Abet Stealing Trade Secrets
* California Man Sentenced For Hacking
* Federal Employee Sentenced for Hacking
* Facts
* Key Findings from U.S. Secret Service and CERT Coordination Center/SEI Study on Insider Threat
* Tools

o    NetVizor

o    Privatefirewall w/Pest Patrol

§  Countermeasures

o    Best Practices against Insider Threat

o    Countermeasures

Module 49: Creating Security Policies

* Security policies
* Key Elements of Security Policy
* Defining the Purpose and Goals of Security Policy
* Role of Security Policy
* Classification of Security Policy
* Design of Security Policy
* Contents of Security Policy
* Configurations of Security Policy
* Implementing Security Policies
* Types of Security Policies
o Promiscuous Policy
o Permissive Policy
o Prudent Policy
o Paranoid Policy
o Acceptable-Use Policy
o User-Account Policy
o Remote-Access Policy
o Information-Protection Policy
o Firewall-Management Policy
o Special-Access Policy
o Network-Connection Policy
o Business-Partner Policy
o Other Important Policies
* Policy Statements
* Basic Document Set of Information Security Policies
* E-mail Security Policy
o Best Practices for Creating E-mail Security Policies
o User Identification and Passwords Policy
* Software Security Policy
* Software License Policy
* Points to Remember While Writing a Security Policy
* Sample Policies
o Remote Access Policy
o Wireless Security Policy
o E-mail Security Policy
o E-mail and Internet Usage Policies
o Personal Computer Acceptable Use Policy
o Firewall Management policy
o Internet Acceptable Use Policy
o User Identification and Password Policy
o Software License Policy

Module 50: Software Piracy and Warez

* Software Activation: Introduction
o Process of Software Activation
* Piracy
o Piracy Over Internet
o Abusive Copies
o Pirated Copies
o Cracked Copies
o Impacts of Piracy
o Software Piracy Rate in 2006
o Piracy Blocking
* Software Copy Protection Backgrounders
o CD Key Numbers
o Dongles
o Media Limited Installations
o Protected Media
o Hidden Serial Numbers
o Digital Rights Management (DRM)
o Copy protection for DVD
* Warez
o Warez
o Types of Warez
o Warez Distribution
o Distribution Methods
* Tool: Crypkey
* Tool: EnTrial
* EnTrial Tool: Distribution File
* EnTrial Tool: Product & Package Initialization Dialog
* EnTrial Tool: Add Package GUI
* Tool: DF_ProtectionKit
* Tool: Crack Killer
* Tool: Logic Protect
* Tool: Software License Manager
* Tool: Quick License Manager
* Tool: WTM CD Protect

Module 51: Hacking and Cheating Online Games

* Online Games: Introduction
* Basics of Game Hacking
* Threats in Online Gaming
* Cheating in Online Computer Games
* Types of Exploits
* Example of popular game exploits
* Stealing Online Game Passwords
o Stealing Online Game Passwords: Social Engineering and Phishing
* Online Gaming Malware from 1997-2007
* Best Practices for Secure Online Gaming
* Tips for Secure Online Gaming

Module 52: Hacking RSS and Atom

§  Introduction

§  Areas Where RSS and Atom are Used

§  Building a Feed Aggregator

§  Routing Feeds to the Email Inbox

§  Monitoring the Server with Feeds

§  Tracking Changes in Open Source Projects

§  Risks by Zone

o    Remote Zone risk

o    Local Zone Risk

§  Reader Specific Risks

§  Exploiting Web Feed Vulnerabilities

§  Example of an Attack on Feeds

§  Tools

o    Perseptio FeedAgent

o    RssFeedEater

o    Thingamablog

o    RSS Builder

o    RSS Submit

o    FeedDemon

o    FeedForAll

o    FeedExpress

§  RSS and Atom Security

Module 53: Hacking Web Browsers (Firefox, IE)

§  Introduction

§  How Web Browsers Work

§  How Web Browsers Access HTML Documents

§  Protocols for a URL

§  Hacking Firefox

o    Firefox Proof of Concept Information Leak Vulnerability

o    Firefox Spoofing Vulnerability

o    Password Vulnerability

o    Concerns With Saving Form Or Login Data

o    Cleaning Up Browsing History

o    Cookies

o    Internet History Viewer: Cookie Viewer

§  Firefox Security

o    Blocking Cookies Options

o    Tools For Cleaning Unwanted Cookies

o    Tool: CookieCuller

o    Getting Started

o    Privacy Settings

o    Security Settings

o    Content Settings

o    Clear Private Data

o    Mozilla Firefox Security Features

§  Hacking Internet Explorer

o    Redirection Information Disclosure Vulnerability

o    Window Injection Vulnerability

§  Internet Explorer Security

o    Getting Started

o    Security Zones

o    Custom Level

o    Trusted Sites Zone

o    Privacy

o    Override Automatic Cookie Handling

o    Per Site Privacy Actions

o    Specify Default Applications

o    Internet Explorer Security Features

§  Hacking Opera

o    JavaScript Invalid Pointer Vulnerability

o    BitTorrent Header Parsing Vulnerability

o    Torrent File Handling Buffer Overflow Vulnerability

§  Security Features of Opera

o    Security and Privacy Features

§  Hacking Safari

o    Safari Browser Vulnerability

o    iPhone Safari Browser Memory Exhaustion Remote DoS Vulnerability

§  Securing Safari

o    Getting started

o    Preferences

o    AutoFill

o    Security Features

§  Hacking Netscape

o    Netscape Navigator Improperly Validates SSL Sessions

o    Netscape Navigator Security Vulnerability

§  Securing Netscape

o    Getting Started

o    Privacy Settings

o    Security Settings

o    Content Settings

o    Clear Private Data

Module 54: Proxy Server Technologies

§  Introduction: Proxy Server

§  Working of Proxy Server

§  Types of Proxy Server

§  Socks Proxy

§  Free Proxy Servers

§  Use of Proxies for Attack

§  Tools

o    WinGate

o    UserGate Proxy Server

o    Advanced FTP Proxy Server

o    Trilent FTP Proxy

o    SafeSquid

o    AllegroSurf

o    ezProxy

o    Proxy Workbench

o    ProxyManager Tool

o    Super Proxy Helper Tool

o    MultiProxy

§  How Does MultiProxy Work

§  Tor Proxy Chaining Software

§  AnalogX Proxy

§  NetProxy

§  Proxy+

§  ProxySwitcher Lite

§  Tool: JAP

§  Proxomitron

§  SSL Proxy Tool

§  How to Run SSL Proxy

Module 55: Data Loss Prevention

§  Introduction: Data Loss

§  Causes of Data Loss

§  How to Prevent Data Loss

§  Impact Assessment for Data Loss Prevention

§  Tools

o    Security Platform

o    Check Point Software: Pointsec Data Security

o    Cisco (IronPort)

o    Content Inspection Appliance

o    CrossRoads Systems: DBProtector

o    Strongbox DBProtector Architecture

o    DeviceWall

o    Exeros Discovery

o    GFI Software: GFI EndPointSecurity

o    GuardianEdge Data Protection Platform

o    ProCurve Identity Driven Manager (IDM)

o    Imperva: SecureSphere

o    MailMarshal

o    WebMarshal

o    Marshal EndPoint

o    Novell ZENworks Endpoint Security Management

o    Prism EventTracker

o    Proofpoint Messaging Security Gateway

o    Proofpoint Platform Architecture

o    Summary Dashboard

o    End-user Safe/Block List

o    Defiance Data Protection System

o    Sentrigo: Hedgehog

o    Symantec Database Security

o    Varonis: DataPrivilege

o    Verdasys: Digital Guardian

o    VolumeShield AntiCopy

o    Websense Content Protection Suite

Module 56: Hacking Global Positioning System (GPS)

* Global Positioning System (GPS)
* Terminologies
* GPS Devices Manufacturers
* gpsd: GPS Service Daemon
* Sharing Waypoints
* Wardriving
* Areas of Concern
* Sources of GPS Signal Errors
* Methods to Mitigate Signal Loss
* GPS Secrets
o GPS Hidden Secrets
o Secret Startup Commands in Garmin
o Hard Reset / Soft Reset
* Firmware Hacking
o Firmware
o Hacking GPS Firmware: Bypassing the Garmin eTrex Vista Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Legend Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Venture Startup Screen
* GPS Tools
o Tool: GPS NMEA LOG
o Tool: GPS Diagnostic
o Tool: RECSIM III
o Tool: G7toWin
o Tool: G7toCE
o Tool: GPS Security Guard
o GPS Security Guard Functions
o UberTracker

Module 57: Computer Forensics and Incident Handling

§  Computer Forensics

o    What is Computer Forensics

o    Need for Computer Forensics

o    Objectives of Computer Forensics

o    Stages of Forensic Investigation in Tracking Cyber Criminals

o    Key Steps in Forensic Investigations

o    List of Computer Forensics Tools

§  Incident Handling

o    Present Networking Scenario

o    What is an Incident

o    Category of Incidents: Low Level

o    Category of Incidents: Mid Level

o    Category of Incidents: High Level

o    How to Identify an Incident

o    How to Prevent an Incident

o    Defining the Relationship between Incident Response, Incident Handling, and Incident Management

o    Incident Response Checklist

o    Handling Incidents

o    Procedure for Handling an Incident

·         Stage 1: Preparation

·         Stage 2: Identification

·         Stage 3: Containment

·         Stage 4: Eradication

·         Stage 5: Recovery

·         Stage 6: Follow-up

§  Incident Management

§  Why don’t Organizations Report Computer Crimes

§  Estimating Cost of an Incident

§  Whom to Report an Incident To

§  Incident Reporting

§  Vulnerability Resources

§  What is CSIRT

o    CSIRT: Goals and Strategy

o    Why an Organization needs an Incident Response Team

o    CSIRT Case Classification

o    Types of Incidents and Level of Support

o    Incident Specific Procedures-I (Virus and Worm Incidents)

o    Incident Specific Procedures-II (Hacker Incidents)

o    Incident Specific Procedures-III (Social Incidents, Physical Incidents)

o    How CSIRT Handles Case: Steps

o    Example of a CSIRT

o    Best Practices for Creating a CSIRT

·         Step 1: Obtain Management Support and Buy-in

·         Step 2: Determine the CSIRT Development Strategic Plan

·         Step 3: Gather Relevant Information

·         Step 4: Design your CSIRT Vision

·         Step 5: Communicate the CSIRT Vision

·         Step 6: Begin CSIRT Implementation

·         Step 7: Announce the CSIRT

§  World CERTs http://www.trusted-introducer.nl/teams/country.html

§  http://www.first.org/about/organization/teams/

§  IRTs Around the World

Module 58: Credit Card Frauds

§  E-Crime

§  Statistics

§  Credit Card

o    Credit Card Fraud

o    Credit Card Fraud Over Internet

o    Net Credit/Debit Card Fraud In The US After Gross Charge-Offs

§  Credit Card Generators

o    Credit Card Generator

o    RockLegend’s !Credit Card Generator

§  Credit Card Fraud Detection

o    Credit Card Fraud Detection Technique: Pattern Detection

o    Credit Card Fraud Detection Technique: Fraud Screening

o    X-Cart: Online Fraud Screening Service

o    Card Watch

o    MaxMind Credit Card Fraud Detection

o    3D Secure

o    Limitations of 3D Secure

o    FraudLabs

o    www.pago.de

o    Pago Fraud Screening Process

o    What to do if you are a Victim of a Fraud

o    Facts to be Noted by Consumers

§  Best Practices: Ways to Protect Your Credit Cards

Module 59: How to Steal Passwords

§  Password Stealing

§  How to Steal Passwords

§  Password Stealing Techniques

§  Password Stealing Trojans

o    MSN Hotmail Password Stealer

o    AOL Password Stealer

o    Trojan-PSW.Win32.M2.14.a

o    CrazyBilets

o    Dripper

o    Fente

o    GWGhost

o    Kesk

o    MTM Recorded pwd Stealer

o    Password Devil

§  Password Stealing Tools

o    Password Thief

o    Remote Password Stealer

o    POP3 Email Password Finder

o    Instant Password Finder

o    MessenPass

o    PstPassword

o    Remote Desktop PassView

o    IE PassView

o    Yahoo Messenger Password

§  Recommendations for Improving Password Security

§  Best Practices

Module 60: Firewall Technologies

§  Firewalls: Introduction

§  Hardware Firewalls

o    Hardware Firewall

o    Netgear Firewall

o    Personal Firewall Hardware: Linksys

o    Personal Firewall Hardware: Cisco’s PIX

o    Cisco PIX 501 Firewall

o    Cisco PIX 506E Firewall

o    Cisco PIX 515E Firewall

o    Cisco PIX 525 Firewall

o    Cisco PIX 535 Firewall

o    Check Point Firewall

o    Nortel Switched Firewall

§  Software Firewalls

o    Software Firewall

§  Windows Firewalls

o    Norton Personal Firewall

o    McAfee Personal Firewall

o    Symantec Enterprise Firewall

o    Kerio WinRoute Firewall

o    Sunbelt Personal Firewall

o    Xeon Firewall

o    InJoy Firewall

o    PC Tools Firewall Plus

o    Comodo Personal Firewall

o    ZoneAlarm

§  Linux Firewalls

o    KMyFirewall

o    Firestarter

o    Guarddog

o    Firewall Builder

§  Mac OS X Firewalls

o    Flying Buttress

o    DoorStop X Firewall

o    Intego NetBarrier X5

o    Little Snitch

Module 61: Threats and Countermeasures

* Domain Level Policies

o    Account Policies

o    Password Policy

o    Password Policy - Policies

* Enforce Password History

o    Enforce Password History - Vulnerability

o    Enforce Password History - Countermeasure

o    Enforce Password History - Potential Impact

* Maximum Password Age

o    Maximum Password Age - Vulnerability

o    Maximum Password Age - Countermeasure

o    Maximum Password Age - Potential Impact

* Minimum Password Age

o    Minimum Password Age - Vulnerability

o    Minimum Password Age - Countermeasure

o    Minimum Password Age - Potential Impact

* Minimum Password Length

o    Minimum Password Length - Vulnerability

o    Minimum Password Length - Countermeasure

o    Minimum Password Length - Potential Impact

* Passwords Must Meet Complexity Requirements

o    Passwords must Meet Complexity Requirements - Vulnerability

o    Passwords must Meet Complexity Requirements - Countermeasure

o    Passwords must Meet Complexity Requirements - Potential Impact

* Store Password using Reversible Encryption for all Users in the Domain
* Account Lockout Policy

o    Account Lockout Policy - Policies

* Account Lockout Duration

o    Account Lockout Duration - Vulnerability

o    Account Lockout Duration - Countermeasure

o    Account Lockout Duration - Potential Impact

* Account Lockout Threshold

o    Account Lockout Threshold - Vulnerability

o    Account Lockout Threshold - Countermeasure

o    Account Lockout Threshold - Potential Impact

* Reset Account Lockout Counter After
* Kerberos Policy

o    Kerberos Policy - Policies

* Enforce User Logon Restrictions
* Maximum Lifetime for Service Ticket

o    Maximum Lifetime for User Ticket

o    Maximum Lifetime for User Ticket Renewal

* Maximum Tolerance for Computer Clock Synchronization
* Audit Policy

o    Audit Settings

o    Audit Account Logon Events

o    Audit Account Management

o    Audit Directory Service Access

o    Audit Logon Events

o    Audit Object Access

o    Audit Policy Change

o    Audit Privilege Use

o    Audit Process Tracking

o    Audit System Events

* User Rights
* Access this Computer from the Network
* Act as Part of the Operating System
* Add Workstations to Domain
* Adjust Memory Quotas for a Process
* Allow Log On Locally
* Allow Log On through Terminal Services
* Back Up Files and Directories
* Bypass Traverse Checking
* Change the System Time
* Create a Page File
* Create a Token Object
* Create Global Objects
* Create Permanent Shared Objects
* Debug Programs
* Deny Access to this Computer from the Network
* Deny Log On as a Batch Job
* Deny Log On as a Service
* Deny Log On Locally
* Deny Log On through Terminal Services
* Enable Computer and User Accounts to be Trusted for Delegation
* Force Shutdown from a Remote System
* Generate Security Audits
* Impersonate a Client after Authentication
* Increase Scheduling Priority
* Load and Unload Device Drivers
* Lock Pages in Memory
* Log On as a Batch Job
* Log On as a Service
* Manage Auditing and Security Log
* Modify Firmware Environment Values
* Perform Volume Maintenance Tasks
* Profile Single Process
* Profile System Performance
* Remove Computer from Docking Station
* Replace a Process Level Token
* Restore Files and Directories
* Shut Down the System
* Synchronize Directory Service Data
* Take Ownership of Files or Other Objects
* Security Options
* Accounts: Administrator Account Status

o    Accounts: Administrator Account Status - Vulnerability

o    Accounts: Guest Account Status

o    Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only

o    Accounts: Rename Administrator Account

o    Accounts: Rename Guest Account

* Audit: Audit the Access of Global System Objects

o    Audit: Audit the Use of Backup and Restore Privilege

o    Audit: Shut Down System Immediately if Unable to Log Security Audits

* DCOM: Machine Access/Launch Restrictions in Security Descriptor Definition Language (SDDL)

o    DCOM: Machine Access/Launch Restrictions in Security Descriptor Definition Language (SDDL)

* Devices: Allow Undock without having to Log On
* Devices: Allowed to Format and Eject Removable Media
* Devices: Prevent Users from Installing Printer Drivers
* Devices: Restrict CD-ROM/Floppy Access to Locally Logged-on User Only
* Devices: Restrict CD-ROM Access to Locally Logged-on User Only
* Devices: Unsigned Driver Installation Behavior
* Domain Controller: Allow Server Operators to Schedule Tasks
* Domain Controller: LDAP Server Signing Requirements
* Domain Controller: Refuse Machine Account Password Changes
* Domain Member: Digitally Encrypt or Sign Secure Channel Data
* Domain Member: Disable Machine Account Password Changes
* Domain Member: Maximum Machine Account Password Age
* Domain Member: Require Strong (Windows 2000 or Later) Session Key
* Interactive Logon: Do Not Display Last User Name
* Interactive Logon: Do Not Require CTRL+ALT+DEL
* Interactive Logon: Message Text for Users Attempting to Log On
* Interactive Logon: Number of Previous Logons to Cache
* Interactive Logon: Prompt User to Change Password before Expiration
* Interactive Logon: Require Domain Controller Authentication to Unlock Workstation
* Interactive Logon: Require Smart Card
* Interactive Logon: Smart Card Removal Behavior
* Microsoft Network Client and Server: Digitally Sign Communications (Four Related Settings)
* Microsoft Network Client: Send Unencrypted Password to Third-party SMB Servers
* Microsoft Network Server: Amount of Idle Time Required before Suspending Session
* Microsoft Network Server: Disconnect Clients when Logon Hours Expire
* Network Access: Allow Anonymous SID/Name Translation
* Network Access: Do Not Allow Anonymous Enumeration of SAM Accounts
* Network Access: Do Not Allow Storage of Credentials or .NET Passports for Network Authentication
* Network Access: Let Everyone Permissions Apply to Anonymous Users
* Network Access: Named Pipes that can be Accessed Anonymously
* Network Access: Remotely Accessible Registry Paths
* Network Access: Remotely Accessible Registry Paths and Sub-paths
* Network Access: Restrict Anonymous Access to Named Pipes and Shares
* Network Access: Shares that can be Accessed Anonymously
* Network Access: Sharing and Security Model for Local Accounts
* Network Security: Do Not Store LAN Manager Hash Value on Next Password Change
* Network Security: Force Logoff when Logon Hours Expire
* Network Security: LAN Manager Authentication Level
* Network Security: LDAP Client Signing Requirements
* Network Security: Minimum Session Security for NTLM SSP based (Including Secure RPC) Clients/Servers
* Network Security: Minimum Session Security for NTLM SSP based (Including Secure RPC) Clients
* Recovery Console: Allow Automatic Administrative Logon
* Recovery Console: Allow Floppy Copy and Access to all Drives and all Folders
* Shutdown: Allow System to be Shut Down Without Having to Log On
* Shutdown: Clear Virtual Memory Page File
* System Cryptography: Force Strong Key Protection for User Keys Stored on the Computer
* System Cryptography: Use FIPS Compliant Algorithms for Encryption, Hashing, and Signing
* System Objects: Default Owner for Objects Created by Members of the Administrators Group
* System Objects: Require Case Insensitivity for Non-Windows Subsystems
* System Objects: Strengthen Default Permissions of Internal System Objects
* System Settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
* Event Log

o    Maximum Event Log Size

o    Prevent Local Guests Group from Accessing Event Logs

o    Retain Event Logs

o    Retention Method for Event Log

o    Delegating Access to the Event Logs

* System Services
* Services Overview
* Do Not Set Permissions on Service Objects
* Manually Editing Security Templates
* System Services - Alerter
* Application Experience Lookup Service
* Application Layer Gateway Service
* Application Management
* ASP.NET State Service
* Automatic Updates
* Background Intelligent Transfer Service (BITS)
* Certificate Services
* Client Service for NetWare
* ClipBook
* Cluster Service
* COM+ Event System
* COM+ System Application
* Computer Browser
* Cryptographic Services
* DCOM Server Process Launcher
* DHCP Client
* DHCP Server
* Distributed File System
* Distributed Link Tracking Client
* Distributed Link Tracking Server
* Distributed Transaction Coordinator
* DNS Client
* DNS Server
* Error Reporting Service
* Event Log
* Fast User Switching Compatibility
* Fax Service
* File Replication
* File Server for Macintosh
* FTP Publishing Service
* Help and Support
* HTTP SSL
* Human Interface Device Access
* IAS Jet Database Access
* IIS Admin Service
* IMAPI CD-Burning COM Service
* Indexing Service
* Infrared Monitor
* Internet Authentication Service
* Intersite Messaging
* IP Version 6 Helper Service
* IPSec Policy Agent (IPSec Service)
* IPSec Services
* Kerberos Key Distribution Center
* License Logging Service
* Logical Disk Manager

o    Logical Disk Manager Administrative Service

* Machine Debug Manager
* Message Queuing

o    Message Queuing Down Level Clients

o    Message Queuing Triggers

o    Messenger

* Microsoft POP3 Service
* Microsoft Software Shadow Copy Provider
* MSSQL$UDDI
* MSSQLServerADHelper
* .NET Framework Support Service
* Net Logon
* NetMeeting Remote Desktop Sharing
* Network Connections
* Network DDE
* Network DDE DSDM
* Network Location Awareness (NLA)
* Network Provisioning Service
* Network News Transfer Protocol (NNTP)
* NTLM Security Support Provider
* Performance Logs and Alerts
* Plug and Play
* Portable Media Serial Number
* Print Server for Macintosh
* Print Spooler
* Protected Storage
* QoS RSVP Service
* Remote Access Auto Connection Manager

o    Remote Access Connection Manager

* Remote Administration Service
* Remote Desktop Help Session Manager

o    Remote Desktop Help Session Manager

* Remote Installation

o    Remote Procedure Call (RPC)

o    Remote Procedure Call (RPC) Locator

o    Remote Registry Service

o    Remote Server Manager

o    Remote Server Monitor

o    Remote Storage Notification

o    Remote Storage Server

* Removable Storage
* Resultant Set of Policy Provider
* Routing and Remote Access
* SAP Agent
* Secondary Logon
* Security Accounts Manager
* Security Center
* Server
* Shell Hardware Detection
* Simple Mail Transport Protocol (SMTP)
* Simple TCP/IP Services
* Smart Card
* Special Administration Console Helper
* System Event Notification
* System Restore Service
* Task Scheduler
* TCP/IP NetBIOS Helper Service
* TCP/IP Print Server
* Telnet
* Terminal Services

o    Terminal Services Licensing

o    Terminal Services Session Directory

* Trivial FTP Daemon
* Uninterruptible Power Supply
* Upload Manager
* Virtual Disk Service
* WebClient
* Web Element Manager
* Windows Firewall/Internet Connection Sharing

o    Windows Installer

o    Windows System Resource Manager

o    Windows Time

* WinHTTP Web Proxy Auto-Discovery Service
* Wireless Configuration
* Workstation
* World Wide Web Publishing Service
* Software Restriction Policies
* The Threat of Malicious Software
* Windows XP and Windows Server 2003 Administrative Templates
* Computer Configuration Settings
* NetMeeting
* Disable Remote Desktop Sharing
* Internet Explorer Computer Settings
* Disable Automatic Install of Internet Explorer Components
* Disable Periodic Check for Internet Explorer Software Updates
* Disable Software Update Shell Notifications on Program Launch
* Make Proxy Settings Per-Machine (Rather than Per-User)
* Security Zones: Do Not Allow Users to Add/Delete Sites
* Turn off Crash Detection
* Do Not Allow Users to Enable or Disable Add-ons
* Internet Explorer\Internet Control Panel\Security Page
* Internet Explorer\Internet Control Panel\Advanced Page
* Allow Software to Run or Install Even if the Signature is Invalid
* Allow Active Content from CDs to Run on User Machines
* Allow Third-party Browser Extensions
* Check for Server Certificate Revocation
* Check for Signatures On Downloaded Programs
* Do Not Save Encrypted Pages to Disk
* Empty Temporary Internet Files Folder when Browser is Closed
* Internet Explorer\Security Features
* Binary Behavior Security Restriction
* MK Protocol Security Restriction
* Local Machine Zone Lockdown Security
* Consistent MIME Handling
* MIME Sniffing Safety Features
* Scripted Window Security Restrictions
* Restrict ActiveX Install
* Restrict File Download
* Network Protocol Lockdown
* Internet Information Services
* Prevent IIS Installation
* Terminal Services
* Deny Log Off of an Administrator Logged in to the Console Session
* Do Not Allow Local Administrators to Customize Permissions
* Sets Rules for Remote Control of Terminal Services User Sessions
* Client/Server Data Redirection
* Allow Time Zone Redirection
* Do Not Allow COM Port Redirection
* Do Not Allow Client Printer Redirection
* Do Not Allow LPT Port Redirection
* Do Not Allow Drive Redirection
* Encryption and Security
* Set Client Connection Encryption Level
* Always Prompt Client For A Password On Connection
* RPC Security Policy
* Secure Server (Require Security)
* Sessions
* Set Time Limit For Disconnected Sessions
* Allow Reconnection From Original Client Only
* Windows Explorer
* Turn Off Shell Protocol Protected Mode
* Windows Messenger
* Windows Update
* Configure Automatic Updates
* Reschedule Automatic Updates Scheduled Installations
* System
* Turn off Autoplay
* Do Not Process The Run Once List
* Logon
* Don't Display The Getting Started Welcome Screen At Logon
* Do Not Process The Legacy Run List
* Group Policy
* Internet Explorer Maintenance Policy Processing
* IP Security Policy Processing
* Registry Policy Processing
* Security Policy Processing
* Error Reporting
* Display Error Notification
* Report Errors
* Internet Communications Management
* Distributed COM
* Browser Menus
* Disable Save This Program To Disk Option
* Attachment Manager
* Inclusion List For High Risk File Types
* Inclusion List For Moderate Risk File Types
* Inclusion List For Low Risk File Types
* Trust Logic For File Attachments
* Hide Mechanisms To Remove Zone Information
* Notify Antivirus Programs When Opening Attachments
* Windows Explorer
* Remove Security Tab
* System\Power Management
* Additional Registry Entries
* How to Modify the Security Configuration Editor User Interface
* TCP/IP-Related Registry Entries
* DisableIPSourceRouting: IP Source Routing Protection Level (Protects Against Packet Spoofing)
* EnableDeadGWDetect: Allow Automatic Detection Of Dead Network Gateways (Could Lead To DoS)
* EnableICMPRedirect: Allow ICMP Redirects To Override OSPF-Generated Routes
* KeepAliveTime: How Often Keep-Alive Packets Are Sent In Milliseconds (300,000 Is Recommended)
* SynAttackProtect: SYN Attack Protection Level (Protects Against DoS)
* TcpMaxConnectResponseRetransmissions: SYN-ACK Retransmissions When A Connection Request Is Not Acknowledged
* TcpMaxDataRetransmissions: How Many Times Unacknowledged Data Is Retransmitted (3 Recommended, 5 Is Default)
* Miscellaneous Registry Entries
* Configure Automatic Reboot from System Crashes
* Enable Administrative Shares
* Disable Saving of Dial-Up Passwords
* Hide the Computer from Network Neighborhood Browse Lists: Hide Computer From the Browse List
* Configure NetBIOS Name Release Security: Allow the Computer to Ignore NetBIOS Name Release Requests Except from WINS Servers
* Enable Safe DLL Search Order: Enable Safe DLL Search Mode (Recommended)
* Security Log Near Capacity Warning: Percentage Threshold for the Security Event Log at which the System will Generate a Warning
* Registry Entries Available In Windows XP With SP2 And Windows Server 2003 With SP1
* RunInvalidSignatures
* Registry Entries Available in Windows XP with SP2
* Security Center Registry Entries for XP
* StorageDevicePolicies\WriteProtect
* Registry Entries Available in Windows Server 2003 with SP1
* UseBasicAuth
* DisableBasicOverClearChannel
* Additional Countermeasures
* Securing the Accounts
* NTFS
* Data and Application Segmentation
* Configure SNMP Community Name
* Disable NetBIOS and SMB on Public Facing Interfaces
* Disable Dr. Watson: Disable Automatic Execution of Dr. Watson System Debugger
* Configure IPsec Policies
* Configuring Windows Firewall

Botnets
Economic Espionage
Patch Management
Security Convergence
Identifying the Terrorist