• Сб. Июл 20th, 2024

Ethical Hacking and Countermeasures (спецификация курса)

Module 01: Introduction to Ethical Hacking

Information Security Overview
Internet is Integral Part of Business and Personal Life — What Happens Online in 60 Seconds
Essential Terminology
Elements of Information Security
The Security, Functionality, and Usability Triangle
Information Security Threats and Attack Vectors
Motives, Goals, and Objectives of Information Security Attacks
Top Information Security Attack Vectors
Information Security Threat Categories
Types of Attacks on a System
Information Warfare

Hacking Concepts
What is Hacking?
Who is a Hacker?
Hacker Classes
Hacking Phases
o Reconnaissance
o Scanning

Gaining Access
o Maintaining Access
o Clearing Tracks
Ethical Hacking Concepts
What is Ethical Hacking?
Why Ethical Hacking is Necessary
Scope and Limitations of Ethical Hacking
Skills of an Ethical Hacker
Information Security Controls
Information Assurance (IA)
Information Security Management Program
Enterprise Information Security Architecture (EISA)
Network Security Zoning
Information Security Policies
o Types of Security Policies
o Examples of Security Policies
o Privacy Policies at Workplace
o Steps to Create and Implement Security Policies
o HR/Legal Implications of Security Policy Enforcement
Physical Security
o Types of Physical Security Control
o Physical Security Controls
What is Risk?
o Risk Management
o Key Roles and Responsibilities in Risk Management
Threat Modeling
Incident Management
o Incident Management Process
o Responsibilities of an Incident Response Team
Security Incident and Event Management (SIEM)

SIEM Architecture
User Behavior Analytics (UBA)
Network Security Controls
o Access Control
o Types of Access Control
o User Identification, Authentication, Authorization and Accounting
Identity and Access Management (IAM)
Data Leakage
o Data Leakage Threats
o What is Data Loss Prevention (DLP)?
Data Backup
Data Recovery
Role of AI/ML in Cyber Security
Penetration Testing Concepts
Penetration Testing
Why Penetration Testing
Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
Blue Teaming/Red Teaming
Types of Penetration Testing
Phases of Penetration Testing
Security Testing Methodology
Information Security Laws and Standards
Payment Card Industry Data Security Standard (PCI-DSS)
ISO/IEC 27001:2013
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes Oxley Act (SOX)
The Digital Millennium Copyright Act (DMCA)
Federal Information Security Management Act (FISMA)
Cyber Law in Different Countries

Module 02: Footprinting and Reconnaissance

Footprinting Concepts
What is Footprinting?
Objectives of Footprinting
Footprinting through Search Engines
Footprinting through Search Engines
Footprint Using Advanced Google Hacking Techniques
Information Gathering Using Google Advanced Search and Image Search
Google Hacking Database
VoIP and VPN Footprinting through Google Hacking Database
Footprinting through Web Services
Finding Company’s Top-level Domains (TLDs) and Sub-domains
Finding the Geographical Location of the Target
People Search on Social Networking Sites and People Search Services
Gathering Information from LinkedIn
Gather Information from Financial Services
Footprinting through Job Sites
Monitoring Target Using Alerts
Information Gathering Using Groups, Forums, and Blogs
Determining the Operating System
VoIP and VPN Footprinting through SHODAN
Footprinting through Social Networking Sites
Collecting Information through Social Engineering on Social Networking Sites
Website Footprinting
Website Footprinting
Website Footprinting using Web Spiders
Mirroring Entire Website
Extracting Website Information from https://archive.org
Extracting Metadata of Public Documents
Monitoring Web Pages for Updates and Changes

Email Footprinting
Tracking Email Communications
Collecting Information from Email Header
Email Tracking Tools
Competitive Intelligence
Competitive Intelligence Gathering
Competitive Intelligence — When Did this Company Begin? How Did it Develop?
Competitive Intelligence — What Are the Company’s Plans?
Competitive Intelligence — What Expert Opinions Say About the Company
Monitoring Website Traffic of Target Company
Tracking Online Reputation of the Target
Whois Footprinting
Whois Lookup
Whois Lookup Result Analysis
Whois Lookup Tools
Finding IP Geolocation Information
DNS Footprinting
Extracting DNS Information
DNS Interrogation Tools
Network Footprinting
Locate the Network Range
Traceroute Analysis
Traceroute Tools
Footprinting through Social Engineering
Footprinting through Social Engineering
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
Footprinting Tools
Ethical Hacking and Counterme Recon-Dog
Additional Footprinting Tools
Footprinting Countermeasures
Footprinting Pen Testing
Footprinting Pen Testing
Footprinting Pen Testing Report Templates

Module 03: Scanning Networks

Network Scanning Concepts
Overview of Network Scanning
TCP Communication Flags
TCP/IP Communication
Creating Custom Packet Using TCP Flags
Scanning in IPv6 Networks
Scanning Tools
Hping2 / Hping3
o Hping Commands
Scanning Tools
Scanning Tools for Mobile
Scanning Techniques
Scanning Techniques
o ICMP Scanning — Checking for Live Systems
o Ping Sweep — Checking for Live Systems
Ping Sweep Tools
o ICMP Echo Scanning
o TCP Connect / Full Open Scan
o Stealth Scan (Half-open Scan)
o Inverse TCP Flag Scanning
Xmas Scan
o ACK Flag Probe Scanning
o IDLE/IPID Header Scan
o UDP Scanning
o SSDP and List Scanning
Port Scanning Countermeasures
Scanning Beyond IDS and Firewall
IDS/Firewall Evasion Techniques
o Packet Fragmentation
o Source Routing
o IP Address Decoy
o IP Address Spoofing
IP Spoofing Detection Techniques: Direct TTL Probes
IP Spoofing Detection Techniques: IP Identification Number
IP Spoofing Detection Techniques: TCP Flow Control Method
IP Spoofing Countermeasures
o Proxy Servers
Proxy Chaining
Proxy Tools
Proxy Tools for Mobile
o Anonymizers
Censorship Circumvention Tools: Alkasir and Tails
Anonymizers for Mobile
Banner Grabbing
Banner Grabbing
How to Identify Target System OS
Banner Grabbing Countermeasures
Draw Network Diagrams
Drawing Network Diagrams
Network Discovery and Mapping Tools

Network Discovery Tools for Mobile
Scanning Pen Testing

Module 04: Enumeration

Enumeration Concepts
What is Enumeration?
Techniques for Enumeration
Services and Ports to Enumerate
NetBIOS Enumeration
NetBIOS Enumeration
NetBIOS Enumeration Tools
Enumerating User Accounts
Enumerating Shared Resources Using Net View
SNMP Enumeration
SNMP (Simple Network Management Protocol) Enumeration
Working of SNMP
Management Information Base (MIB)
SNMP Enumeration Tools
LDAP Enumeration
LDAP Enumeration
LDAP Enumeration Tools
NTP Enumeration
NTP Enumeration
NTP Enumeration Commands
NTP Enumeration Tools
SMTP and DNS Enumeration
SMTP Enumeration
SMTP Enumeration Tools
DNS Enumeration Using Zone Transfer

Other Enumeration Techniques
IPsec Enumeration
VoIP Enumeration
RPC Enumeration
Unix/Linux User Enumeration
Enumeration Countermeasures
Enumeration Countermeasures
Enumeration Pen Testing
Enumeration Pen Testing

Module 05: Vulnerability Analysis

Vulnerability Assessment Concepts
Vulnerability Research
Vulnerability Classification
What is Vulnerability Assessment?
Types of Vulnerability Assessment
Vulnerability-Management Life Cycle
o Pre-Assessment Phase: Creating a Baseline
o Vulnerability Assessment Phase
o Post Assessment Phase
Vulnerability Assessment Solutions
Comparing Approaches to Vulnerability Assessment
Working of Vulnerability Scanning Solutions
Types of Vulnerability Assessment Tools
Characteristics of a Good Vulnerability Assessment Solution
Choosing a Vulnerability Assessment Tool
Criteria for Choosing a Vulnerability Assessment Tool
Best Practices for Selecting Vulnerability Assessment Tools
Vulnerability Scoring Systems
Common Vulnerability Scoring System (CVSS)
Common Vulnerabilities and Exposures (CVE)

National Vulnerability Database (NVD)
Resources for Vulnerability Research
Vulnerability Assessment Tools
Vulnerability Assessment Tools
o Qualys Vulnerability Management
o Nessus Professional
o GFI LanGuard
o Qualys FreeScan
o Nikto
o OpenVAS
o Retina CS
o Microsoft Baseline Security Analyzer (MBSA)
o AVDS — Automated Vulnerability Detection System
o Vulnerability Assessment Tools
Vulnerability Assessment Tools for Mobile
Vulnerability Assessment Reports
Vulnerability Assessment Reports
Analyzing Vulnerability Scanning Report

Module 06: System Hacking

System Hacking Concepts
CEH Hacking Methodology (CHM)
System Hacking Goals
Cracking Passwords
Password Cracking
Types of Password Attacks
o Non-Electronic Attacks
o Active Online Attack
Dictionary, Brute Forcing and Rule-based Attack
Password Guessing

Default Passwords
Example of Active Online Attack Using USB Drive
Hash Injection Attack
LLMNR/NBT-NS Poisoning
o Passive Online Attack
Wire Sniffing
Man-in-the-Middle and Replay Attack
o Offline Attack
Rainbow Table Attack
Tools to Create Rainbow Tables: rtgen and Winrtgen
Distributed Network Attack
Password Recovery Tools
Microsoft Authentication
How Hash Passwords Are Stored in Windows SAM?
NTLM Authentication Process
Kerberos Authentication
Password Salting
Tools to Extract the Password Hashes
Password Cracking Tools
How to Defend against Password Cracking
How to Defend against LLMNR/NBT-NS Poisoning
Escalating Privileges
Privilege Escalation
Privilege Escalation Using DLL Hijacking
Privilege Escalation by Exploiting Vulnerabilities
Privilege Escalation Using Dylib Hijacking
Privilege Escalation using Spectre and Meltdown Vulnerabilities
Other Privilege Escalation Techniques
How to Defend Against Privilege Escalation

Executing Applications
Executing Applications
o Tools for Executing Applications
o Types of Keystroke Loggers
o Hardware Keyloggers
o Keyloggers for Windows
o Keyloggers for Mac
o Spyware
o USB Spyware
o Audio Spyware
o Video Spyware
o Telephone/Cellphone Spyware
o GPS Spyware
How to Defend Against Keyloggers
o Anti-Keylogger
How to Defend Against Spyware
o Anti-Spyware
Hiding Files
o Types of Rootkits
o How Rootkit Works
o Rootkits
Horse Pill
o Detecting Rootkits
o Steps for Detecting Rootkits
o How to Defend against Rootkits

o Anti-Rootkits
NTFS Data Stream
o How to Create NTFS Streams
o NTFS Stream Manipulation
o How to Defend against NTFS Streams
o NTFS Stream Detectors
What is Steganography?
o Classification of Steganography
o Types of Steganography based on Cover Medium
Whitespace Steganography
Image Steganography
Image Steganography Tools
Document Steganography
Video Steganography
Audio Steganography
Folder Steganography
Spam/Email Steganography
o Steganography Tools for Mobile Phones
o Steganalysis
o Steganalysis Methods/Attacks on Steganography
o Detecting Steganography (Text, Image, Audio, and Video Files)
o Steganography Detection Tools
Covering Tracks
Covering Tracks
Disabling Auditing: Auditpol
Clearing Logs
Manually Clearing Event Logs
Ways to Clear Online Tracks
Covering BASH Shell Tracks
Covering Tracks on Network
Covering Tracks on OS

Covering Tracks Tools
Penetration Testing
Password Cracking
Privilege Escalation
Executing Applications
Hiding Files
Covering Tracks

Module 07: Malware Threats

Malware Concepts
Introduction to Malware
Different Ways a Malware can Get into a System
Common Techniques Attackers Use to Distribute Malware on the Web
Components of Malware
Trojan Concepts
What is a Trojan?
How Hackers Use Trojans
Common Ports used by Trojans
How to Infect Systems Using a Trojan
Trojan Horse Construction Kit
How Attackers Deploy a Trojan
Exploit Kits
Evading Anti-Virus Techniques
Types of Trojans
o Remote Access Trojans
o Backdoor Trojans
o Botnet Trojans
o Rootkit Trojans
o E-banking Trojans

Working of E-banking Trojans
E-banking Trojan: ZeuS
o Proxy Server Trojans
o Covert Channel Trojans
o Defacement Trojans
o Service Protocol Trojans
o Mobile Trojans
o IoT Trojans
o Other Trojans
Virus and Worm Concepts
Introduction to Viruses
Stages of Virus Life
Working of Viruses
Indications of Virus Attack
How does a Computer Get Infected by Viruses
Virus Hoaxes
Fake Antiviruses
Types of Viruses
o System and File Viruses
o Multipartite and Macro Viruses
o Cluster and Stealth Viruses
o Encryption and Sparse Infector Viruses
o Polymorphic Viruses
o Metamorphic Viruses
o Overwriting File or Cavity Viruses
o Companion/Camouflage and Shell Viruses
o File Extension Viruses
o FAT and Logic Bomb Viruses
o Web Scripting and E-mail Viruses
o Other Viruses

Creating Virus
Computer Worms
Worm Makers
Malware Analysis
What is Sheep Dip Computer?
Anti-Virus Sensor Systems
Introduction to Malware Analysis
Malware Analysis Procedure: Preparing Testbed
Static Malware Analysis
o File Fingerprinting
o Local and Online Malware Scanning
o Performing Strings Search
o Identifying Packing/ Obfuscation Methods
o Finding the Portable Executables (PE) Information
o Identifying File Dependencies
o Malware Disassembly
Dynamic Malware Analysis
o Port Monitoring
o Process Monitoring
o Registry Monitoring
o Windows Services Monitoring
o Startup Programs Monitoring
o Event Logs Monitoring/Analysis
o Installation Monitoring
o Files and Folder Monitoring
o Device Drivers Monitoring
o Network Traffic Monitoring/Analysis
o DNS Monitoring/ Resolution
o API Calls Monitoring
Virus Detection Methods
Trojan Analysis: ZeuS/Zbot

Virus Analysis: WannaCry
Trojan Countermeasures
Backdoor Countermeasures
Virus and Worms Countermeasures
Anti-Malware Software
Anti-Trojan Software
Antivirus Software
Malware Penetration Testing
Malware Penetration Testing

Module 08: Sniffing

Sniffing Concepts
Network Sniffing
Types of Sniffing
How an Attacker Hacks the Network Using Sniffers
Protocols Vulnerable to Sniffing
Sniffing in the Data Link Layer of the OSI Model
Hardware Protocol Analyzers
Lawful Interception
Sniffing Technique: MAC Attacks
MAC Address/CAM Table
How CAM Works
What Happens When CAM Table Is Full?
MAC Flooding
Switch Port Stealing
How to Defend against MAC Attacks
Sniffing Technique: DHCP Attacks
How DHCP Works

DHCP Request/Reply Messages
DHCP Starvation Attack
Rogue DHCP Server Attack
How to Defend Against DHCP Starvation and Rogue Server Attack
Sniffing Technique: ARP Poisoning
What Is Address Resolution Protocol (ARP)?
ARP Spoofing Attack
Threats of ARP Poisoning
ARP Poisoning Tools
How to Defend Against ARP Poisoning
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
ARP Spoofing Detection Tools
Sniffing Technique: Spoofing Attacks
MAC Spoofing/Duplicating
MAC Spoofing Technique: Windows
MAC Spoofing Tools
IRDP Spoofing
How to Defend Against MAC Spoofing
Sniffing Technique: DNS Poisoning
DNS Poisoning Techniques
o Intranet DNS Spoofing
o Internet DNS Spoofing
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
How to Defend Against DNS Spoofing
Sniffing Tools
Sniffing Tool: Wireshark
o Follow TCP Stream in Wireshark
o Display Filters in Wireshark
o Additional Wireshark Filters
Sniffing Tools

Packet Sniffing Tools for Mobile

How to Defend Against Sniffing
Sniffing Detection Techniques
How to Detect Sniffing
Sniffer Detection Techniques
o Ping Method
o DNS Method
o ARP Method
Promiscuous Detection Tools
Sniffing Pen Testing
Sniffing Penetration Testing

Module 09: Social Engineering

Social Engineering Concepts
What is Social Engineering?
Phases of a Social Engineering Attack
Social Engineering Techniques
Types of Social Engineering
Human-based Social Engineering
o Impersonation
o Impersonation (Vishing)
o Eavesdropping
o Shoulder Surfing
o Dumpster Diving
o Reverse Social Engineering
o Piggybacking
o Tailgating
Computer-based Social Engineering
o Phishing
Mobile-based Social Engineering

Publishing Malicious Apps
o Repackaging Legitimate Apps
o Fake Security Applications
o SMiShing (SMS Phishing)
Insider Threats
Insider Threat / Insider Attack
Type of Insider Threats
Impersonation on Social Networking Sites
Social Engineering Through Impersonation on Social Networking Sites
Impersonation on Facebook
Social Networking Threats to Corporate Networks
Identity Theft
Identity Theft
Social Engineering Countermeasures
Insider Threats Countermeasures
Identity Theft Countermeasures
How to Detect Phishing Emails?
Anti-Phishing Toolbar
Common Social Engineering Targets and Defense Strategies
Social Engineering Pen Testing
Social Engineering Pen Testing
o Using Emails
o Using Phone
o In Person
Social Engineering Pen Testing Tools

Module 10: Denial-of-Service

DoS/DDoS Concepts
What is a Denial-of-Service Attack?
What is Distributed Denial-of-Service Attack?

DoS/DDoS Attack Techniques
Basic Categories of DoS/DDoS Attack Vectors
UDP Flood Attack
ICMP Flood Attack
Ping of Death and Smurf Attack
SYN Flood Attack
Fragmentation Attack
HTTP GET/POST and Slowloris Attacks
Multi-Vector Attack
Peer-to-Peer Attacks
Permanent Denial-of-Service Attack
Distributed Reflection Denial-of-Service (DRDoS)
Organized Cyber Crime: Organizational Chart
A Typical Botnet Setup
Botnet Ecosystem
Scanning Methods for Finding Vulnerable Machines
How Malicious Code Propagates?
Botnet Trojans
DDoS Case Study
DDoS Attack
Hackers Advertise Links to Download Botnet
Use of Mobile Devices as Botnets for Launching DDoS Attacks
DDoS Case Study: Dyn DDoS Attack
DoS/DDoS Attack Tools
DoS/DDoS Attack Tools
DoS and DDoS Attack Tool for Mobile
Detection Techniques
DoS/DDoS Countermeasure Strategies

DDoS Attack Countermeasures
o Protect Secondary Victims
o Detect and Neutralize Handlers
o Prevent Potential Attacks
o Deflect Attacks
o Mitigate Attacks
o Post-Attack Forensics
Techniques to Defend against Botnets
DoS/DDoS Countermeasures
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
DoS/DDoS Protection Tools
Advanced DDoS Protection Appliances
DoS/DDoS Protection Tools
DoS/DDoS Penetration Testing
Denial-of-Service (DoS) Attack Pen Testing

Module 11: Session Hijacking

Session Hijacking Concepts
What is Session Hijacking?
Why Session Hijacking is Successful?
Session Hijacking Process
Packet Analysis of a Local Session Hijack
Types of Session Hijacking
Session Hijacking in OSI Model
Spoofing vs. Hijacking
Application Level Session Hijacking
Application Level Session Hijacking
Compromising Session IDs using Sniffing and by Predicting Session Token
o How to Predict a Session Token
Compromising Session IDs Using Man-in-the-Middle Attack

Compromising Session IDs Using Man-in-the-Browser Attack
o Steps to Perform Man-in-the-Browser Attack
Compromising Session IDs Using Client-side Attacks
Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
Compromising Session IDs Using Session Replay Attack
Compromising Session IDs Using Session Fixation
Session Hijacking Using Proxy Servers
Session Hijacking Using CRIME Attack
Session Hijacking Using Forbidden Attack
Network Level Session Hijacking
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
UDP Hijacking
MiTM Attack Using Forged ICMP and ARP Spoofing
Session Hijacking Tools
Session Hijacking Tools
Session Hijacking Tools for Mobile
Session Hijacking Detection Methods
Protecting against Session Hijacking
Methods to Prevent Session Hijacking: To be Followed by Web Developers
Methods to Prevent Session Hijacking: To be Followed by Web Users
Session Hijacking Detection Tools
Approaches Vulnerable to Session Hijacking and their Preventative Solutions
Approaches to Prevent Session Hijacking
o Components of IPsec
o Benefits of IPsec

Modes of IPsec
o IPsec Architecture
o IPsec Authentication and Confidentiality
Session Hijacking Prevention Tools
Penetration Testing
Session Hijacking Pen Testing

Module 12: Evading IDS, Firewalls, and Honeypots

IDS, Firewall and Honeypot Concepts
Intrusion Detection System (IDS)
o How IDS Detects an Intrusion
o General Indications of Intrusions
o Types of Intrusion Detection Systems
o Types of IDS Alerts
o Firewall Architecture
o DeMilitarized Zone (DMZ)
o Types of Firewalls
o Firewall Technologies
Packet Filtering Firewall
Circuit-Level Gateway Firewall
Application-Level Firewall
Stateful Multilayer Inspection Firewall
Application Proxy
Network Address Translation (NAT)
Virtual Private Network
o Firewall Limitations
o Types of Honeypots
IDS, Firewall and Honeypot Solutions
Intrusion Detection Tool

Snort Rules
Snort Rules: Rule Actions and IP Protocols
Snort Rules: The Direction Operator and IP Addresses
Snort Rules: Port Numbers
o Intrusion Detection Tools: TippingPoint and AlienVault® OSSIM™
o Intrusion Detection Tools
o Intrusion Detection Tools for Mobile
o ZoneAlarm Free Firewall 2018 and Firewall Analyzer
o Firewalls
o Firewalls for Mobile
Honeypot Tools
o KFSensor and SPECTER
o Honeypot Tools
o Honeypot Tools for Mobile
Evading IDS
IDS Evasion Techniques
o Insertion Attack
o Evasion
o Denial-of-Service Attack (DoS)
o Obfuscating
o False Positive Generation
o Session Splicing
o Unicode Evasion
o Fragmentation Attack
o Overlapping Fragments
o Time-To-Live Attacks
o Invalid RST Packets
o Urgency Flag
o Polymorphic Shellcode

ASCII Shellcode
o Application-Layer Attacks
o Desynchronization
o Other Types of Evasion
Evading Firewalls
Firewall Evasion Techniques
o Firewall Identification
o IP Address Spoofing
o Source Routing
o Tiny Fragments
o Bypass Blocked Sites Using IP Address in Place of URL
o Bypass Blocked Sites Using Anonymous Website Surfing Sites
o Bypass a Firewall Using Proxy Server
o Bypassing Firewall through ICMP Tunneling Method
o Bypassing Firewall through ACK Tunneling Method
o Bypassing Firewall through HTTP Tunneling Method
Why do I Need HTTP Tunneling
HTTP Tunneling Tools
o Bypassing Firewall through SSH Tunneling Method
SSH Tunneling Tool: Bitvise and Secure Pipes
o Bypassing Firewall through External Systems
o Bypassing Firewall through MITM Attack
o Bypassing Firewall through Content
o Bypassing WAF using XSS Attack
IDS/Firewall Evading Tools
IDS/Firewall Evasion Tools
Packet Fragment Generator Tools
Detecting Honeypots
Detecting Honeypots
Detecting and Defeating Honeypots
Honeypot Detection Tool: Send-Safe Honeypot Hunter

IDS/Firewall Evasion Countermeasures
How to Defend Against IDS Evasion
How to Defend Against Firewall Evasion
Penetration Testing
Firewall/IDS Penetration Testing
o Firewall Penetration Testing
o IDS Penetration Testing

Module 13: Hacking Web Servers

Web Server Concepts
Web Server Operations
Open Source Web Server Architecture
IIS Web Server Architecture
Web Server Security Issue
Why Web Servers Are Compromised?
Impact of Web Server Attacks
Web Server Attacks
DoS/DDoS Attacks
DNS Server Hijacking
DNS Amplification Attack
Directory Traversal Attacks
Man-in-the-Middle/Sniffing Attack
Phishing Attacks
Website Defacement
Web Server Misconfiguration
HTTP Response Splitting Attack
Web Cache Poisoning Attack
SSH Brute Force Attack
Web Server Password Cracking
Web Application Attacks

Web Server Attack Methodology
Information Gathering
o Information Gathering from Robots.txt File
Web Server Footprinting/Banner Grabbing
o Web Server Footprinting Tools
o Enumerating Web Server Information Using Nmap
Website Mirroring
o Finding Default Credentials of Web Server
o Finding Default Content of Web Server
o Finding Directory Listings of Web Server
Vulnerability Scanning
o Finding Exploitable Vulnerabilities
Session Hijacking
Web Server Passwords Hacking
Using Application Server as a Proxy
Web Server Attack Tools
o Metasploit Exploit Module
o Metasploit Payload and Auxiliary Module
o Metasploit NOPS Module
Web Server Attack Tools
Place Web Servers in Separate Secure Server Security Segment on Network
o Patches and Updates
o Protocols
o Accounts
o Files and Directories
Detecting Web Server Hacking Attempts
How to Defend Against Web Server Attacks
How to Defend against HTTP Response Splitting and Web Cache Poisoning

How to Defend against DNS Hijacking
Patch Management
Patches and Hotfixes
What is Patch Management
Installation of a Patch
Patch Management Tools
Web Server Security Tools
Web Application Security Scanners
Web Server Security Scanners
Web Server Security Tools
Web Server Pen Testing
Web Server Penetration Testing
Web Server Pen Testing Tools

Module 14: Hacking Web Applications

Web App Concepts
Introduction to Web Applications
Web Application Architecture
Web 2.0 Applications
Vulnerability Stack
Web App Threats
OWASP Top 10 Application Security Risks – 2017
o A1 — Injection Flaws
SQL Injection Attacks
Command Injection Attacks
Command Injection Example
File Injection Attack
LDAP Injection Attacks
o A2 — Broken Authentication
o A3 — Sensitive Data Exposure
o A4 — XML External Entity (XXE)

A5 — Broken Access Control
o A6 — Security Misconfiguration
o A7 — Cross-Site Scripting (XSS) Attacks
Cross-Site Scripting Attack Scenario: Attack via Email
XSS Attack in Blog Posting
XSS Attack in Comment Field
Websites Vulnerable to XSS Attack
o A8 — Insecure Deserialization
o A9 — Using Components with Known Vulnerabilities
o A10 — Insufficient Logging and Monitoring
Other Web Application Threats
o Directory Traversal
o Unvalidated Redirects and Forwards
o Watering Hole Attack
o Cross-Site Request Forgery (CSRF) Attack
o Cookie/Session Poisoning
o Web Services Architecture
o Web Services Attack
o Web Services Footprinting Attack
o Web Services XML Poisoning
o Hidden Field Manipulation Attack
Hacking Methodology
Web App Hacking Methodology
Footprint Web Infrastructure
o Server Discovery
o Service Discovery
o Server Identification/Banner Grabbing
o Detecting Web App Firewalls and Proxies on Target Site
o Hidden Content Discovery
o Web Spidering Using Burp Suite
o Web Crawling Using Mozenda Web Agent Builder

Attack Web Servers
Analyze Web Applications
o Identify Entry Points for User Input
o Identify Server- Side Technologies
o Identify Server- Side Functionality
o Map the Attack Surface
Bypass Client-Side Controls
o Attack Hidden Form Fields
o Attack Browser Extensions
o Perform Source Code Review
Attack Authentication Mechanism
o User Name Enumeration
o Password Attacks: Password Functionality Exploits
o Password Attacks: Password Guessing and Brute-forcing
o Session Attacks: Session ID Prediction/Brute-forcing
o Cookie Exploitation: Cookie Poisoning
Attack Authorization Schemes
o HTTP Request Tampering
o Cookie Parameter Tampering
Attack Access Controls
Attack Session Management Mechanism
o Attacking Session Token Generation Mechanism
o Attacking Session Tokens Handling Mechanism: Session Token Sniffing
Perform Injection/Input Validation Attacks
Attack Application Logic Flaws
Attack Database Connectivity
o Connection String Injection
o Connection String Parameter Pollution (CSPP) Attacks
o Connection Pool DoS
Attack Web App Client
Attack Web Services

Web Services Probing Attacks
o Web Service Attacks: SOAP Injection
o Web Service Attacks: XML Injection
o Web Services Parsing Attacks
o Web Service Attack Tools
Web App Hacking Tools
Web Application Hacking Tools
Web Application Fuzz Testing
Source Code Review
Encoding Schemes
How to Defend Against Injection Attacks
Web Application Attack Countermeasures
How to Defend Against Web Application Attacks
Web App Security Testing Tools
Web Application Security Testing Tools
Web Application Firewall
Web App Pen Testing
Web Application Pen Testing
o Information Gathering
o Configuration Management Testing
o Authentication Testing
o Session Management Testing
o Authorization Testing
o Data Validation Testing
o Denial-of-Service Testing
o Web Services Testing
o AJAX Testing
Web Application Pen Testing Framework

Module 15: SQL Injection

SQL Injection Concepts
What is SQL Injection?
SQL Injection and Server-side Technologies
Understanding HTTP POST Request
Understanding Normal SQL Query
Understanding an SQL Injection Query
Understanding an SQL Injection Query – Code Analysis
Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx
Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
Examples of SQL Injection
Types of SQL Injection
Types of SQL injection
o In-Band SQL Injection
Error Based SQL Injection
Union SQL Injection
o Blind/Inferential SQL Injection
No Error Messages Returned
Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
Blind SQL Injection: Boolean Exploitation and Heavy Query
o Out-of-Band SQL injection
SQL Injection Methodology
SQL Injection Methodology
o Information Gathering and SQL Injection Vulnerability Detection
Information Gathering
Identifying Data Entry Paths
Extracting Information through Error Messages
Testing for SQL Injection
Additional Methods to Detect SQL Injection
SQL Injection Black Box Pen Testing
Source Code Review to Detect SQL Injection Vulnerabilities

Testing for Blind SQL Injection Vulnerability in MySQL and MSSQL
o Launch SQL Injection Attacks
Perform Union SQL Injection
Perform Error Based SQL Injection
Perform Error Based SQL Injection using Stored Procedure Injection
Bypass Website Logins Using SQL Injection
Perform Blind SQL Injection – Exploitation (MySQL)
Blind SQL Injection — Extract Database User
Blind SQL Injection — Extract Database Name
Blind SQL Injection — Extract Column Name
Blind SQL Injection — Extract Data from ROWS
Perform Double Blind SQL Injection – Classical Exploitation (MySQL)
Perform Blind SQL Injection Using Out of Band Exploitation Technique
Exploiting Second-Order SQL Injection
Bypass Firewall using SQL Injection
Perform SQL Injection to Insert a New User and Update Password
Exporting a Value with Regular Expression Attack
o Advanced SQL Injection
Database, Table, and Column Enumeration
Advanced Enumeration
Features of Different DBMSs
Creating Database Accounts
Password Grabbing
Grabbing SQL Server Hashes
Extracting SQL Hashes (In a Single Statement
Transfer Database to Attacker’s Machine
Interacting with the Operating System
Interacting with the File System
Network Reconnaissance Using SQL Injection
Network Reconnaissance Full Query

Finding and Bypassing Admin Panel of a Website
PL/SQL Exploitation
Creating Server Backdoors using SQL Injection
SQL Injection Tools
SQL Injection Tools
o SQL Power Injector and sqlmap
o The Mole and jSQL Injection
SQL Injection Tools
SQL Injection Tools for Mobile
Evasion Techniques
Evading IDS
Types of Signature Evasion Techniques
o In-line Comment
o Char Encoding
o String Concatenation
o Obfuscated Codes
o Manipulating White Spaces
o Hex Encoding
o Sophisticated Matches
o URL Encoding
o Null Byte
o Case Variation
o Declare Variable
o IP Fragmentation
How to Defend Against SQL Injection Attacks
o Use Type-Safe SQL Parameters
SQL Injection Detection Tools
o IBM Security AppScan and Acunetix Web Vulnerability Scanner
o Snort Rule to Detect SQL Injection Attacks
SQL Injection Detection Tools

Module 16: Hacking Wireless Networks

Wireless Concepts
Wireless Terminologies
Wireless Networks
Wireless Standards
Service Set Identifier (SSID)
Wi-Fi Authentication Modes
Wi-Fi Authentication Process Using a Centralized Authentication Server
Types of Wireless Antennas
Wireless Encryption
Types of Wireless Encryption
o WEP (Wired Equivalent Privacy) Encryption
o WPA (Wi-Fi Protected Access) Encryption
o WPA2 (Wi-Fi Protected Access 2) Encryption
WEP vs. WPA vs. WPA2
WEP Issues
Weak Initialization Vectors (IV)
Wireless Threats
Wireless Threats
o Rogue Access Point Attack
o Client Mis-association
o Misconfigured Access Point Attack
o Unauthorized Association
o Ad Hoc Connection Attack
o Honeypot Access Point Attack
o AP MAC Spoofing
o Denial-of-Service Attack
o Key Reinstallation Attack (KRACK)
o Jamming Signal Attack
Wi-Fi Jamming Devices

Wireless Hacking Methodology
Wireless Hacking Methodology
o Wi-Fi Discovery
Footprint the Wireless Network
Find Wi-Fi Networks in Range to Attack
Wi-Fi Discovery Tools
Mobile-based Wi-Fi Discovery Tools
o GPS Mapping
GPS Mapping Tools
Wi-Fi Hotspot Finder Tools
How to Discover Wi-Fi Network Using Wardriving
o Wireless Traffic Analysis
Choosing the Right Wi-Fi Card
Wi-Fi USB Dongle: AirPcap
Wi-Fi Packet Sniffer
Perform Spectrum Analysis
o Launch Wireless Attacks
Aircrack-ng Suite
How to Reveal Hidden SSIDs
Fragmentation Attack
How to Launch MAC Spoofing Attack
Denial-of-Service: Disassociation and Deauthentication Attacks
Man-in-the-Middle Attack
MITM Attack Using Aircrack-ng
Wireless ARP Poisoning Attack
Rogue Access Points
Evil Twin
How to Set Up a Fake Hotspot (Evil Twin)
o Crack Wi-Fi Encryption
How to Break WEP Encryption

How to Crack WEP Using Aircrack-ng
How to Break WPA/WPA2 Encryption
How to Crack WPA-PSK Using Aircrack-ng
WEP Cracking and WPA Brute Forcing Using Cain & Abel
Wireless Hacking Tools
WEP/WPA Cracking Tools
WEP/WPA Cracking Tool for Mobile
Wi-Fi Sniffer
Wi-Fi Traffic Analyzer Tools
Other Wireless Hacking Tools
Bluetooth Hacking
Bluetooth Stack
Bluetooth Hacking
Bluetooth Threats
How to BlueJack a Victim
Bluetooth Hacking Tools
Wireless Security Layers
How to Defend Against WPA/WPA2 Cracking
How to Defend Against KRACK Attacks
How to Detect and Block Rogue AP
How to Defend Against Wireless Attacks
How to Defend Against Bluetooth Hacking
Wireless Security Tools
Wireless Intrusion Prevention Systems
Wireless IPS Deployment
Wi-Fi Security Auditing Tools
Wi-Fi Intrusion Prevention System
Wi-Fi Predictive Planning Tools
Wi-Fi Vulnerability Scanning Tools
Bluetooth Security Tools

Wi-Fi Security Tools for Mobile
Wireless Pen Testing

Wireless Penetration Testing
Wireless Penetration Testing Framework
o Pen Testing for General Wi-Fi Network Attack
o Pen Testing WEP Encrypted WLAN
o Pen Testing WPA/WPA2 Encrypted WLAN
o Pen Testing LEAP Encrypted WLAN
o Pen Testing Unencrypted WLAN

Module 17: Hacking Mobile Platforms

Mobile Platform Attack Vectors
Vulnerable Areas in Mobile Business Environment
OWASP Top 10 Mobile Risks — 2016
Anatomy of a Mobile Attack
How a Hacker can Profit from Mobile when Successfully Compromised
Mobile Attack Vectors and Mobile Platform Vulnerabilities
Security Issues Arising from App Stores
App Sandboxing Issues
Mobile Spam
SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
o SMS Phishing Attack Examples
Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
Hacking Android OS
Android OS
o Android Device Administration API
Android Rooting
o Rooting Android Using KingoRoot
o Android Rooting Tools
Blocking Wi-Fi Access using NetCut
Hacking with zANTI

Hacking Networks Using Network Spoofer
Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
Performing Session Hijacking Using DroidSheep
Hacking with Orbot Proxy
Android-based Sniffers
Android Trojans
Securing Android Devices
Android Security Tool: Find My Device
Android Security Tools
Android Vulnerability Scanner
Android Device Tracking Tools
Hacking iOS
Apple iOS
Jailbreaking iOS
o Jailbreaking Techniques
o Jailbreaking of iOS 11.2.1 Using Cydia
o Jailbreaking of iOS 11.2.1 Using Pangu Anzhuang
o Jailbreaking Tools
iOS Trojans
Guidelines for Securing iOS Devices
iOS Device Tracking Tools
iOS Device Security Tools
Mobile Spyware
Mobile Spyware
Mobile Spyware: mSpy
Mobile Spywares
Mobile Device Management
Mobile Device Management (MDM)
Mobile Device Management Solutions
Bring Your Own Device (BYOD)
o BYOD Risks

BYOD Policy Implementation
o BYOD Security Guidelines
Mobile Security Guidelines and Tools
General Guidelines for Mobile Platform Security
Mobile Device Security Guidelines for Administrator
SMS Phishing Countermeasures
Mobile Protection Tools
Mobile Anti-Spyware
Mobile Pen Testing
Android Phone Pen Testing
iPhone Pen Testing
Mobile Pen Testing Toolkit: Hackode

Module 18: IoT Hacking

IoT Concepts
What is IoT
How IoT Works
IoT Architecture
IoT Application Areas and Devices
IoT Technologies and Protocols
IoT Communication Models
Challenges of IoT
Threat vs Opportunity
IoT Attacks
IoT Security Problems
OWASP Top 10 IoT Vulnerabilities and Obstacles
IoT Attack Surface Areas
IoT Threats
Hacking IoT Devices: General Scenario
IoT Attacks
o DDoS Attack

Exploit HVAC
o Rolling Code Attack
o BlueBorne Attack
o Jamming Attack
o Hacking Smart Grid / Industrial Devices: Remote Access using Backdoor
o Other IoT Attacks
IoT Attacks in Different Sectors
Case Study: Dyn Attack
IoT Hacking Methodology
What is IoT Device Hacking?
IoT Hacking Methodology
o Information Gathering Using Shodan
o Information Gathering using MultiPing
o Vulnerability Scanning using Nmap
o Vulnerability Scanning using RIoT Vulnerability Scanner
o Sniffing using Foren6
o Rolling code Attack using RFCrack
o Hacking Zigbee Devices with Attify Zigbee Framework
o BlueBorne Attack Using HackRF One
o Gaining Remote Access using Telnet
o Maintain Access by Exploiting Firmware
IoT Hacking Tools
Information Gathering Tools
Sniffing Tools
Vulnerability Scanning Tools
IoT Hacking Tools
How to Defend Against IoT Hacking
General Guidelines for IoT Device Manufacturing Companies
OWASP Top 10 IoT Vulnerabilities Solutions
IoT Framework Security Considerations

IoT Security Tools
IoT Pen Testing
IoT Pen Testing

Module 19: Cloud Computing

Cloud Computing Concepts
Introduction to Cloud Computing
Separation of Responsibilities in Cloud
Cloud Deployment Models
NIST Cloud Deployment Reference Architecture
Cloud Computing Benefits
Understanding Virtualization
Cloud Computing Threats
Cloud Computing Threats
Cloud Computing Attacks
Service Hijacking using Social Engineering Attacks
Service Hijacking using Network Sniffing
Session Hijacking using XSS Attack
Session Hijacking using Session Riding
Domain Name System (DNS) Attacks
Side Channel Attacks or Cross-guest VM Breaches
SQL Injection Attacks
Cryptanalysis Attacks
Wrapping Attack
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Man-in-the-Cloud Attack
Cloud Security
Cloud Security Control Layers
Cloud Security is the Responsibility of both Cloud Provider and Consumer
Cloud Computing Security Considerations
Placement of Security Controls in the Cloud

Best Practices for Securing Cloud
NIST Recommendations for Cloud Security
Organization/Provider Cloud Security Compliance Checklist
Cloud Security Tools
Cloud Security Tools
Cloud Penetration Testing
What is Cloud Pen Testing?
Key Considerations for Pen Testing in the Cloud
Cloud Penetration Testing
Recommendations for Cloud Testing

Module 20: Cryptography

Cryptography Concepts
o Types of Cryptography
Government Access to Keys (GAK)
Encryption Algorithms
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
RC4, RC5, and RC6 Algorithms
The DSA and Related Signature Schemes
Rivest Shamir Adleman (RSA)
Message Digest (One-Way Hash) Functions
o Message Digest Function: MD5
o Secure Hashing Algorithm (SHA)
o RIPEMD — 160

Cryptography Tools
MD5 Hash Calculators
Hash Calculators for Mobile
Cryptography Tools
o Advanced Encryption Package 2017
o BCTextEncoder
o Cryptography Tools
Cryptography Tools for Mobile
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI)
o Certification Authorities
o Signed Certificate (CA) Vs. Self Signed Certificate
Email Encryption
Digital Signature
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
Cryptography Toolkit
Pretty Good Privacy (PGP)
Disk Encryption
Disk Encryption
Disk Encryption Tools
o VeraCrypt
o Symantec Drive Encryption
o Disk Encryption Tools
Cryptanalysis Methods
o Linear Cryptanalysis
o Differential Cryptanalysis
o Integral Cryptanalysis

Code Breaking Methodologies
Cryptography Attacks
o Brute-Force Attack
o Birthday Attack
Birthday Paradox: Probability
o Meet-in-the-Middle Attack on Digital Signature Schemes
o Side Channel Attack
o Hash Collision Attack
o DUHK Attack
o Rainbow Table Attack
Cryptanalysis Tools
Online MD5 Decryption Tools
How to Defend Against Cryptographic Attacks

Автор: Andrey Kopelyan

У самурая нет цели, у самурая есть путь.