

  1. 1. EC-Council's Certified Ethical Hacker FIVE DAYS v3.0
     COURSE DESCRIPTION
     To catch a thief, you must think like a thief. To protect your network from a hacker, you have to get inside that hacker's mind. There is only one way to find out if your network is truly secure, and that is to attack your own computer the way a hacker does. This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking. This course prepares you for EC-Council's Certified Ethical Hacker exam 312-50.
     PREREQUISITES
     Administering Windows 2000 Servers; TCP/IP Technical background; NetBIOS and Windows file sharing; DNS, WINS and DHCP; NTFS and File Permissions; Linux basics skills; Linux Configuring IP address; Linux Configuring Routing; Linux Compiling and running programs
     Presented through a partnership with Mile2
     CALC/Canterbury Corp. ~ 400 Lanidex Plaza ~ Parsippany, NJ 07054 P: 973-781-9300 ~ F: 973-781-0939 ~
  2. 2. RECOMMENDED PREP MATERIAL IF REQUIRED: Running Linux by Matt Welsh (O'Reilly) ISBN# 0596-00272-6 We will be using Knoppix version of Linux distribution. You can get started by downloading version at Download trial version of VMWare from (Choose Desktop Version)
     AUDIENCE
     This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
     LEGAL AGREEMENT
     The Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Not just anyone can be a student; the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.
     OUTLINE
     MODULE 1: ETHICS AND LEGALITY
     What is an Exploit?; The security functionality triangle; The attacker's process; Passive reconnaissance; Active reconnaissance; Types of attacks; Categories of exploits; Goals attackers try to achieve; Ethical hackers and crackers - who are they; Self proclaimed ethical hacking; Hacking for a cause (Hacktivism); Skills required for ethical hacking; Categories of Ethical Hackers; What do Ethical Hackers do?; Security evaluation plan; Types of Ethical Hacks; Testing Types; Ethical Hacking Report; Cyber Security Enhancement Act of 2002; Computer Crimes; Overview of US Federal Laws; Section 1029; Section 1030; Hacking Punishment
     MODULE 2: FOOTPRINTING
     What is Footprinting; Steps for gathering information; Whois; Hacking Tool: Sam Spade; Analyzing Whois output; NSLookup; Finding the address range of the network; ARIN; Traceroute; Hacking Tool: NeoTrace
  3. 3. Visual Route; Visual Lookout; Hacking Tool: Smart Whois; Hacking Tool: eMailTracking Pro; Hacking Tool:
     MODULE 3: SCANNING
     Determining if the system is alive?; Active stack fingerprinting; Passive stack fingerprinting; Hacking Tool: Pinger; Hacking Tool: Friendly Pinger; Hacking Tool: WS_Ping_Pro; Hacking Tool: Netscan Tools Pro 2000; Hacking Tool: Hping2; Hacking Tool: KingPing; Hacking Tool: icmpenum; Hacking Tool: SNMP Scanner; Detecting Ping sweeps; ICMP Queries; Port Scanning; TCPs 3-way handshake; TCP Scan types; Hacking Tool: IPEye; Hacking Tool: IPSECSCAN; Hacking Tool: nmap; Port Scan countermeasures; Hacking Tool: HTTrack Web Copier; Network Management Tools; SolarWinds Toolset; NeoWatch; War Dialing; Hacking Tool: THC-Scan; Hacking Tool: PhoneSweep War Dialer; Hacking Tool: Telesweep; Hacking Tool: Queso; Hacking Tool: Cheops; Proxy Servers; Hacking Tool: SocksChain; Surf the web anonymously; TCP/IP through HTTP Tunneling; Hacking Tool: HTTPort; Hacking Tool: Tunneld; Hacking Tool: BackStealth
     MODULE 4: ENUMERATION
     What is Enumeration; NetBios Null Sessions; Null Session Countermeasures; NetBIOS Enumeration; Hacking Tool: DumpSec; Hacking Tool: Hyena; Hacking Tool: NAT; SNMP Enumeration; SNMPUtil; Hacking Tool: IP Network Browser; SNMP Enumeration Countermeasures; Windows 2000 DNS Zone transfer; Identifying Win2000 Accounts; Hacking Tool: User2SID; Hacking Tool: SID2User; Hacking Tool: Enum; Hacking Tool: UserInfo; Hacking Tool: GetAcct; Hacking Tool: smbbf; Hacking Tool: SMB Auditing Tools; Active Directory Enumeration; W2K Active Directory attack
     MODULE 5: SYSTEM HACKING
     Administrator Password Guessing; Performing Automated Password Guessing; Legion; NTInfoScan; Defending Against Password Guessing; Monitoring Event Viewer Logs; VisualLast; Eavesdropping on Network Password Exchange; Hacking Tool: L0phtCrack; Hacking Tool: KerbCrack; Privilege Escalation; Hacking Tool: GetAdmin; Hacking Tool: hk; Manual Password Cracking Algorithm; Automatic Password Cracking Algorithm; Password Types; Types of Password Attacks; Dictionary Attack; Brute Force Attack; Distributed Brute Force Attack; Password Change Interval; Hybrid Attack; Cracking Windows 2000 Passwords; Retrieving the SAM file; Redirecting SMB Logon to the Attacker
  4. 4. SMB Redirection; Hacking Tool: SMBRelay; Hacking Tool: SMBRelay2; Hacking Tool: pwdump2; Hacking Tool: SAMdump; Hacking Tool: C2MYAZZ; Win32 Create Local Admin User; Offline NT Password Resetter; Hacking Tool: psexec; Hacking Tool: remoxec; SMBRelay Man-in-the-Middle (MITM); SMBRelay MITM Countermeasures; Hacking Tool: SMBGrinder; Hacking Tool: SMBDie; Hacking Tool: NBTDeputy; NetBIOS DoS Attack; Hacking Tool: nbname; Hacking Tool: John the Ripper; LanManager Hash; Password Cracking Countermeasures; Keystroke Logger; Hacking Tool: Spector; AntiSpector; Hacking Tool: eBlaster; Hacking Tool: SpyAnywhere; Hacking Tool: IKS Software Logger; Hacking Tool: Fearless Key Logger; Hacking Tool: E-mail Keylogger; Hardware Tool: Hardware Key Logger; Hacking Tool: Rootkit; Planting Rootkit on Windows 2000 Machine; _rootkit_ embedded TCP/IP Stack; Rootkit Countermeasures; MD5 Checksum utility; Tripwire; Covering Tracks; Disabling Auditing; Auditpol; Clearing the Event Log; Hacking Tool: Elslave; Hacking Tool: Winzapper; Hacking Tool: Evidence Eliminator; Hiding Files; NTFS File Streaming; Hacking Tool: makestrm; NTFS Streams Countermeasures; LNS; Steganography; Hacking Tool: ImageHide; Hacking Tool: BlindSide; Hacking Tool: MP3Stego; Hacking Tool: Snow; Hacking Tool: Camera/Shy; Steganography Detection; StegDetect; Hacking Tool: Stealth Files; Encrypted File System; Hacking Tool: dskprobe; Hacking Tool: EFSView; Buffer Overflows; Creating Buffer Overflow Exploit; Outlook Buffer Overflow; Hacking Tool: Outoutlook
     MODULE 6: TROJANS AND BACKDOORS
     What is a Trojan Horse?; Overt and Covert; Hacking Tool: QAZ; Hacking Tool: Tini; Hacking Tool: Netcat; Hacking Tool: Donald Dick; Hacking Tool: SubSeven; Hacking Tool: BackOrifice 2000; Back Orifice Plug-ins; BoSniffer; Hacking Tool: NetBus; ComputerSpy Key Logger; Hacking Tool: Beast Trojan; Hacking Tool: CyberSpy Telnet Trojan; Hacking Tool: SubRoot Telnet Trojan; Hacking Tool: LetMeRule; Wrappers; Hacking Tool: Graffiti; Hacking Tool: Silk Rope 2000; Hacking Tool: EliteWrap; Hacking Tool: IconPlus; Packaging Tool: Microsoft WordPad; Hacking Tool: Whack a Mole; Trojan Construction Kit; Writing Trojans in Java; Hacking Tool: FireKiller 2000; Covert Channels; ICMP Tunneling; Hacking Tool: Loki; Reverse WWW Shell; Backdoor Countermeasures; BO Startup and Registry Entries; NetBus Startup and Registry Keys; Port Monitoring Tools; fPort; TCPView
  5. 5. Process Viewer; Inzider - Tracks Processes and Ports; Trojan Maker; Hacking Tool: Hard Disk Killer; Man-in-the-Middle Attack; Hacking Tool: dsniff; System File Verification; TripWire
     MODULE 7: SNIFFERS
     What is a Sniffer?; Hacking Tool: Ethereal; Hacking Tool: Snort; Hacking Tool: WinDump; Hacking Tool: EtherPeek; Passive Sniffing; Active Sniffing; Hacking Tool: EtherFlood; Hacking Tool: ArpSpoof; Hacking Tool: DSniff; Hacking Tool: Macof; Hacking Tool: mailsnarf; Hacking Tool: URLsnarf; Hacking Tool: Webspy; Hacking Tool: Ettercap; Hacking Tool: WebMiTM; IP Restrictions Scanner; Hacking Tool: sTerm; Hacking Tool: Cain and Abel; Hacking Tool: Packet Crafter; Hacking Tool: SMAC; MAC Changer; ARP Spoofing Countermeasures; Hacking Tool: WinDNSSpoof; Hacking Tool: Distributed DNS Flooder; Hacking Tool: WinSniffer; Network Tool: IRIS; Network Tool: NetInterceptor; SniffDet; Hacking Tool: WinTCPKill
     MODULE 8: DENIAL OF SERVICE
     What is Denial of Service Attack?; Types of DoS Attacks; How DoS Work?; What is DDoS?; Hacking Tool: Ping of Death; Hacking Tool: SSPing; Hacking Tool: Land; Hacking Tool: Smurf; Hacking Tool: SYN Flood; Hacking Tool: CPU Hog; Hacking Tool: Win Nuke; Hacking Tool: RPC Locator; Hacking Tool: Jolt2; Hacking Tool: Bubonic; Hacking Tool: Targa; Tools for Running DDoS Attacks; Hacking Tool: Trinoo; Hacking Tool: WinTrinoo; Hacking Tool: TFN; Hacking Tool: TFN2K; Hacking Tool: Stacheldraht; Hacking Tool: Shaft; Hacking Tool: mstream; DDoS Attack Sequence; Preventing DoS Attack; DoS Scanning Tools; Find_ddos; SARA; DDoSPing; RID; Zombie Zapper
     MODULE 9: SOCIAL ENGINEERING
     What is Social Engineering?; Art of Manipulation; Human Weakness; Common Types of Social Engineering; Human Based Impersonation; Important User; Tech Support; Third Party Authorization; In Person; Dumpster Diving; Shoulder Surfing; Computer Impersonation; Mail Attachments; Popup Windows; Website Faking; Reverse Social Engineering; Policies and Procedures; Social Engineering Security Policies; The Importance of Employee Education
     MODULE 10: SESSION HIJACKING
     What is Session Hijacking?; Session Hijacking Steps; Spoofing Vs Hijacking; Active Session Hijacking; Passive Session Hijacking; TCP Concepts - 3 way Handshake
  6. 6. Sequence Numbers; Sequence Number Example; Guessing the Sequence Numbers; Hacking Tool: Juggernaut; Hacking Tool: Hunt; Hacking Tool: TTYWatcher; Hacking Tool: IP Watcher; Hacking Tool: T-Sight; Remote TCP Session Reset Utility; Dangers Posed by Session Hijacking; Protection against Session Hijacking
     MODULE 11: HACKING WEB SERVERS
     Apache Vulnerability; Attacks against IIS; IIS Components; ISAPI DLL Buffer Overflows; IPP Printer Overflow; msw3prt.dll; Oversized Print Requests; Hacking Tool: Jill32; Hacking Tool: IIS5-Koei; Hacking Tool: IIS5Hack; IPP Buffer Overflow Countermeasures; ISAPI DLL Source Disclosure; ISAPI.DLL Exploit; Defacing Web Pages; IIS Directory Traversal; Unicode; Directory Listing; Clearing IIS Logs; Network Tool: LogAnalyzer; Attack Signature; Creating Internet Explorer (IE) Trojan; Hacking Tool: IISExploit; Hacking Tool:; Hacking Tool: cmdasp.asp; Escalating Privileges on IIS; Hacking Tool: IISCrack.dll; Hacking Tool: ispc.exe; IIS WebDav Vulnerability; Hacking Tool: WB; RPC Exploit-GUI; Hacking Tool: DComExpl_UnixWin32; Hacking Tool: Plonk; Unspecified Executable Path Vulnerability; Hacking Tool: CleanIISLog; File System Traversal Countermeasures; Microsoft HotFix Problems; UpdateExpert; Cacls utility; Network Tool: Whisker; N-Stealth Scanner; Hacking Tool: WebInspect; Network Tool: Shadow Security Scanner
     MODULE 12: WEB APPLICATION VULNERABILITIES
     Documenting the Application Structure; Manually Inspecting Applications; Using Google to Inspect Applications; Directory Structure; Hacking Tool: Instant Source; Java Classes and Applets; Hacking Tool: Jad; HTML Comments and Contents; Hacking Tool: Lynx; Hacking Tool: Wget; Hacking Tool: Black Widow; Hacking Tool: WebSleuth; Cross Site Scripting; Session Hijacking using XSS; Cookie Stealing; Hacking Tool: IEEN; Hacking Tool: IEflaw; Exposing Sensitive Data with Google
     MODULE 13: WEB BASED PASSWORD CRACKING TECHNIQUES
     Basic Authentication; Message Digest Authentication; NTLM Authentication; Certificate based Authentication; Digital Certificates; Microsoft Passport Authentication; Forms based Authentication; Creating Fake Certificates; Hacking Tool: WinSSLMiM; Password Guessing; Default Account Database; Hacking Tool: WebCracker; Hacking Tool: Brutus; Hacking Tool: ObiWan; Hacking Tool: Munga Bunga; Password dictionary Files; Attack Time; Hacking Tool: Variant; Hacking Tool: PassList; Query Strings
  7. 7. Post data; Hacking Tool: cURL; Stealing Cookies; Hacking Tool: CookieSpy; Hacking Tool: ReadCookies; Hacking Tool: SnadBoy
     MODULE 14: SQL INJECTION
     What is SQL Injection Vulnerability?; SQL Insertion Discovery; Blank sa Password; Simple Input Validation; SQL Injection; OLE DB Errors; 1=1; blah' or 1=1; Preventing SQL Injection; Database Specific SQL Injection; Hacking Tool: SQLDict; Hacking Tool: SQLExec; Hacking Tool: SQLbf; Hacking Tool: SQLSmack; Hacking Tool: SQL2.exe; Hacking Tool: Oracle Password Buster
     MODULE 15: HACKING WIRELESS NETWORKS
     802.11 Standards; What is WEP?; Finding WLANs; Cracking WEP keys; Sniffing Traffic; Wireless DoS Attacks; WLAN Scanners; WLAN Sniffers; MAC Sniffing; Access Point Spoofing; Securing Wireless Networks; Hacking Tool: NetTumbler; Hacking Tool: AirSnort; Hacking Tool: AiroPeek; Hacking Tool: WEP Cracker; Hacking Tool: Kismet; Hacking Tool: AirSnarf; WIDZ- Wireless IDS
     MODULE 16: VIRUS AND WORMS
     Chernobyl; ExploreZip; I Love You; Melissa; Pretty Park; Code Red Worm; W32/Klez; BugBear; W32/Opaserv Worm; Nimda; Code Red; SQL Slammer; Batch File Virus Creator; How to write your own Virus?; Worm Construction Kits
     MODULE 17: NOVELL HACKING
     Common accounts and passwords; Accessing password files; Password crackers; Netware Hacking Tools; Chknull; NOVELBFH; NWPCRACK; Bindery; BinCrack; SETPWD.NLM; Kock; userdump; Burglar; Getit; Spooflog; Gobbler; Novelffs; Pandora
     MODULE 18: LINUX HACKING
     Why Linux?; Linux Basics; Compiling Programs in Linux; Scanning Networks; Mapping Networks; Password Cracking in Linux; Linux Vulnerabilities; SARA; TARA; Sniffing; A Pinger in Disguise; Session Hijacking; Linux Rootkits; Linux Security Countermeasures; IPChains and IPTables
     MODULE 19: IDS, FIREWALLS AND HONEYPOTS
  8. 8. Intrusion Detection System; System Integrity Verifiers; How are Intrusions Detected?; Anomaly Detection; Signature Recognition; How does IDS match Signatures with Incoming Traffic?; Protocol Stack Verification; Application Protocol Verification; What Happens after an IDS Detects an Attack?; IDS Software Vendors; SNORT; Evading IDS (Techniques); Complex IDS Evasion; Hacking Tool: fragrouter; Hacking Tool: TCPReplay; Hacking Tool: SideStep; Hacking Tool: NIDSbench; Hacking Tool: ADMutate; IDS Detection; Tools to Detect Packet Sniffers; Tools to inject strangely formatted packets onto the wire; Hacking Through Firewalls; Placing Backdoors through Firewalls; Hiding behind Covert Channels; Hacking Tool: Ncovert; What is a Honeypot?; Honeypots Evasion; Honeypots vendors; Hacking Tool: Honeyd
     MODULE 20: BUFFER OVERFLOWS
     What is a Buffer Overflow?; Exploitation; Assembly Language Basics; How to Detect Buffer Overflows in a Program?; Skills Required; CPU/OS Dependency; Understanding Stacks; Stack Based Buffer Overflows; Buffer Overflow Technical Implementation; Writing your own Buffer Overflow Exploit in C; Defense against Buffer Overflows; Type Checking Tools for Compiling Programs; StackGuard; Immunix
     MODULE 21: CRYPTOGRAPHY
     What is PKI?; Digital Certificates; RSA; MD-5; RC-5; SHA; SSL; PGP; SSH; Encryption Cracking Techniques
     MODULE 22: PENETRATION TESTING METHODOLOGIES
     Physical Security Testing; Port Scanning Testing; System Identification Testing; Services Identification Testing; Vulnerability Research and Verification Testing; Application Testing and Source Code Review; Router Testing; Firewall Testing; Intrusion Detection System Testing; Domain Trusted Systems Testing; Application Password Cracking Testing; Denial of Service Testing; Containment Measures Testing; Information Security; Document Grinding; Gathering Competitive Intelligence; Social Engineering Testing; Wireless Networks Testing; Cordless Communications Testing; Infrared Systems Testing; Modem Testing; Writing Penetration Testing Reports
     © 2002 EC-Council. All rights reserved. This document is for informational purposes only. EC-Council MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. EC-Council logo is registered trademarks or trademarks of EC-Council in the United States and/or other countries.
  9. 9. Calc/Canterbury is Mile2's authorized delivery partner for Certified Ethical Hacker Training in Parsippany NJ