Module 01: Introduction to Ethical Hacking
Information Security Overview
•Internet is Integral Part of Business and Personal Life — What Happens •Online in 60 Seconds
•Essential Terminology
• Elements of Information Security
• The Security, Functionality, and Usability Triangle
Information Security Threats and Attack Vectors
• Motives, Goals, and Objectives of Information Security Attacks
• Top Information Security Attack Vectors
• Information Security Threat Categories
• Types of Attacks on a System
• Information Warfare
Hacking Concepts
•What is Hacking?
•Who is a Hacker?
• Hacker Classes
• Hacking Phases
o Reconnaissance
o Scanning
Gaining Access
o Maintaining Access
o Clearing Tracks
Ethical Hacking Concepts
• What is Ethical Hacking?
• Why Ethical Hacking is Necessary
• Scope and Limitations of Ethical Hacking
• Skills of an Ethical Hacker
Information Security Controls
• Information Assurance (IA)
• Information Security Management Program
•Enterprise Information Security Architecture (EISA)
• Network Security Zoning
• Defense-in-Depth
• Information Security Policies
o Types of Security Policies
o Examples of Security Policies
o Privacy Policies at Workplace
o Steps to Create and Implement Security Policies
o HR/Legal Implications of Security Policy Enforcement
• Physical Security
o Types of Physical Security Control
o Physical Security Controls
•What is Risk?
o Risk Management
o Key Roles and Responsibilities in Risk Management
• Threat Modeling
• Incident Management
o Incident Management Process
o Responsibilities of an Incident Response Team
• Security Incident and Event Management (SIEM)
SIEM Architecture
• User Behavior Analytics (UBA)
• Network Security Controls
o Access Control
o Types of Access Control
o User Identification, Authentication, Authorization and Accounting
• Identity and Access Management (IAM)
• Data Leakage
o Data Leakage Threats
o What is Data Loss Prevention (DLP)?
• Data Backup
• Data Recovery
• Role of AI/ML in Cyber Security
Penetration Testing Concepts
• Penetration Testing
• Why Penetration Testing
• Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
• Blue Teaming/Red Teaming
•Types of Penetration Testing
•Phases of Penetration Testing
• Security Testing Methodology
Information Security Laws and Standards
• Payment Card Industry Data Security Standard (PCI-DSS)
• ISO/IEC 27001:2013
• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes Oxley Act (SOX)
• The Digital Millennium Copyright Act (DMCA)
• Federal Information Security Management Act (FISMA)
• Cyber Law in Different Countries
Module 02: Footprinting and Reconnaissance
Footprinting Concepts
• What is Footprinting?
• Objectives of Footprinting
Footprinting through Search Engines
• Footprinting through Search Engines
• Footprint Using Advanced Google Hacking Techniques
• Information Gathering Using Google Advanced Search and Image Search
• Google Hacking Database
• VoIP and VPN Footprinting through Google Hacking Database
Footprinting through Web Services
• Finding Company’s Top-level Domains (TLDs) and Sub-domains
• Finding the Geographical Location of the Target
• People Search on Social Networking Sites and People Search Services
• Gathering Information from LinkedIn
• Gather Information from Financial Services
• Footprinting through Job Sites
• Monitoring Target Using Alerts
• Information Gathering Using Groups, Forums, and Blogs
• Determining the Operating System
• VoIP and VPN Footprinting through SHODAN
Footprinting through Social Networking Sites
• Collecting Information through Social Engineering on Social Networking Sites
Website Footprinting
• Website Footprinting
• Website Footprinting using Web Spiders
• Mirroring Entire Website
• Extracting Website Information from https://archive.org
• Extracting Metadata of Public Documents
• Monitoring Web Pages for Updates and Changes
Email Footprinting
• Tracking Email Communications
• Collecting Information from Email Header
• Email Tracking Tools
Competitive Intelligence
• Competitive Intelligence Gathering
• Competitive Intelligence — When Did this Company Begin? How Did it Develop?
• Competitive Intelligence — What Are the Company’s Plans?
• Competitive Intelligence — What Expert Opinions Say About the Company
• Monitoring Website Traffic of Target Company
• Tracking Online Reputation of the Target
Whois Footprinting
• Whois Lookup
• Whois Lookup Result Analysis
• Whois Lookup Tools
• Finding IP Geolocation Information
DNS Footprinting
• Extracting DNS Information
• DNS Interrogation Tools
Network Footprinting
• Locate the Network Range
•Traceroute
• Traceroute Analysis
• Traceroute Tools
Footprinting through Social Engineering
• Footprinting through Social Engineering
• Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
Footprinting Tools
• Maltego
• Recon-ng
• FOCA
Ethical Hacking and Counterme Recon-Dog
• OSRFramework
• Additional Footprinting Tools
Countermeasures
• Footprinting Countermeasures
Footprinting Pen Testing
• Footprinting Pen Testing
• Footprinting Pen Testing Report Templates
Module 03: Scanning Networks
Network Scanning Concepts
• Overview of Network Scanning
• TCP Communication Flags
• TCP/IP Communication
• Creating Custom Packet Using TCP Flags
• Scanning in IPv6 Networks
Scanning Tools
• Nmap
• Hping2 / Hping3
o Hping Commands
• Scanning Tools
• Scanning Tools for Mobile
Scanning Techniques
• Scanning Techniques
o ICMP Scanning — Checking for Live Systems
o Ping Sweep — Checking for Live Systems
• Ping Sweep Tools
o ICMP Echo Scanning
o TCP Connect / Full Open Scan
o Stealth Scan (Half-open Scan)
o Inverse TCP Flag Scanning
Xmas Scan
o ACK Flag Probe Scanning
o IDLE/IPID Header Scan
o UDP Scanning
o SSDP and List Scanning
• Port Scanning Countermeasures
Scanning Beyond IDS and Firewall
• IDS/Firewall Evasion Techniques
o Packet Fragmentation
o Source Routing
o IP Address Decoy
o IP Address Spoofing
• IP Spoofing Detection Techniques: Direct TTL Probes
• IP Spoofing Detection Techniques: IP Identification Number
• IP Spoofing Detection Techniques: TCP Flow Control Method
• IP Spoofing Countermeasures
o Proxy Servers
• Proxy Chaining
• Proxy Tools
• Proxy Tools for Mobile
o Anonymizers
• Censorship Circumvention Tools: Alkasir and Tails
• Anonymizers
• Anonymizers for Mobile
Banner Grabbing
• Banner Grabbing
• How to Identify Target System OS
• Banner Grabbing Countermeasures
Draw Network Diagrams
• Drawing Network Diagrams
• Network Discovery and Mapping Tools
Network Discovery Tools for Mobile
• Scanning Pen Testing
Module 04: Enumeration
Enumeration Concepts
• What is Enumeration?
• Techniques for Enumeration
• Services and Ports to Enumerate
NetBIOS Enumeration
• NetBIOS Enumeration
• NetBIOS Enumeration Tools
• Enumerating User Accounts
• Enumerating Shared Resources Using Net View
SNMP Enumeration
• SNMP (Simple Network Management Protocol) Enumeration
• Working of SNMP
• Management Information Base (MIB)
• SNMP Enumeration Tools
LDAP Enumeration
• LDAP Enumeration
• LDAP Enumeration Tools
NTP Enumeration
• NTP Enumeration
• NTP Enumeration Commands
• NTP Enumeration Tools
SMTP and DNS Enumeration
• SMTP Enumeration
• SMTP Enumeration Tools
• DNS Enumeration Using Zone Transfer
Other Enumeration Techniques
• IPsec Enumeration
• VoIP Enumeration
• RPC Enumeration
• Unix/Linux User Enumeration
Enumeration Countermeasures
• Enumeration Countermeasures
Enumeration Pen Testing
• Enumeration Pen Testing
Module 05: Vulnerability Analysis
Vulnerability Assessment Concepts
• Vulnerability Research
• Vulnerability Classification
• What is Vulnerability Assessment?
• Types of Vulnerability Assessment
• Vulnerability-Management Life Cycle
o Pre-Assessment Phase: Creating a Baseline
o Vulnerability Assessment Phase
o Post Assessment Phase
Vulnerability Assessment Solutions
• Comparing Approaches to Vulnerability Assessment
• Working of Vulnerability Scanning Solutions
• Types of Vulnerability Assessment Tools
• Characteristics of a Good Vulnerability Assessment Solution
• Choosing a Vulnerability Assessment Tool
• Criteria for Choosing a Vulnerability Assessment Tool
• Best Practices for Selecting Vulnerability Assessment Tools
Vulnerability Scoring Systems
• Common Vulnerability Scoring System (CVSS)
• Common Vulnerabilities and Exposures (CVE)
National Vulnerability Database (NVD)
• Resources for Vulnerability Research
Vulnerability Assessment Tools
• Vulnerability Assessment Tools
o Qualys Vulnerability Management
o Nessus Professional
o GFI LanGuard
o Qualys FreeScan
o Nikto
o OpenVAS
o Retina CS
o SAINT
o Microsoft Baseline Security Analyzer (MBSA)
o AVDS — Automated Vulnerability Detection System
o Vulnerability Assessment Tools
• Vulnerability Assessment Tools for Mobile
Vulnerability Assessment Reports
• Vulnerability Assessment Reports
• Analyzing Vulnerability Scanning Report
Module 06: System Hacking
System Hacking Concepts
• CEH Hacking Methodology (CHM)
• System Hacking Goals
Cracking Passwords
• Password Cracking
• Types of Password Attacks
o Non-Electronic Attacks
o Active Online Attack
• Dictionary, Brute Forcing and Rule-based Attack
• Password Guessing
Default Passwords
• Trojan/Spyware/Keylogger
• Example of Active Online Attack Using USB Drive
• Hash Injection Attack
• LLMNR/NBT-NS Poisoning
o Passive Online Attack
• Wire Sniffing
• Man-in-the-Middle and Replay Attack
o Offline Attack
• Rainbow Table Attack
• Tools to Create Rainbow Tables: rtgen and Winrtgen
• Distributed Network Attack
• Password Recovery Tools
• Microsoft Authentication
• How Hash Passwords Are Stored in Windows SAM?
• NTLM Authentication Process
• Kerberos Authentication
• Password Salting
• Tools to Extract the Password Hashes
• Password Cracking Tools
• How to Defend against Password Cracking
• How to Defend against LLMNR/NBT-NS Poisoning
Escalating Privileges
• Privilege Escalation
• Privilege Escalation Using DLL Hijacking
• Privilege Escalation by Exploiting Vulnerabilities
• Privilege Escalation Using Dylib Hijacking
• Privilege Escalation using Spectre and Meltdown Vulnerabilities
• Other Privilege Escalation Techniques
• How to Defend Against Privilege Escalation
Executing Applications
• Executing Applications
o Tools for Executing Applications
• Keylogger
o Types of Keystroke Loggers
o Hardware Keyloggers
o Keyloggers for Windows
o Keyloggers for Mac
• Spyware
o Spyware
o USB Spyware
o Audio Spyware
o Video Spyware
o Telephone/Cellphone Spyware
o GPS Spyware
• How to Defend Against Keyloggers
o Anti-Keylogger
• How to Defend Against Spyware
o Anti-Spyware
Hiding Files
• Rootkits
o Types of Rootkits
o How Rootkit Works
o Rootkits
• Horse Pill
• GrayFish
• Sirefef
• Necurs
o Detecting Rootkits
o Steps for Detecting Rootkits
o How to Defend against Rootkits
o Anti-Rootkits
• NTFS Data Stream
o How to Create NTFS Streams
o NTFS Stream Manipulation
o How to Defend against NTFS Streams
o NTFS Stream Detectors
• What is Steganography?
o Classification of Steganography
o Types of Steganography based on Cover Medium
• Whitespace Steganography
• Image Steganography
• Image Steganography Tools
• Document Steganography
• Video Steganography
• Audio Steganography
• Folder Steganography
• Spam/Email Steganography
o Steganography Tools for Mobile Phones
o Steganalysis
o Steganalysis Methods/Attacks on Steganography
o Detecting Steganography (Text, Image, Audio, and Video Files)
o Steganography Detection Tools
Covering Tracks
• Covering Tracks
• Disabling Auditing: Auditpol
• Clearing Logs
• Manually Clearing Event Logs
• Ways to Clear Online Tracks
• Covering BASH Shell Tracks
• Covering Tracks on Network
• Covering Tracks on OS
Covering Tracks Tools
Penetration Testing
• Password Cracking
• Privilege Escalation
• Executing Applications
• Hiding Files
• Covering Tracks
Module 07: Malware Threats
Malware Concepts
• Introduction to Malware
• Different Ways a Malware can Get into a System
• Common Techniques Attackers Use to Distribute Malware on the Web
• Components of Malware
Trojan Concepts
• What is a Trojan?
• How Hackers Use Trojans
• Common Ports used by Trojans
• How to Infect Systems Using a Trojan
• Trojan Horse Construction Kit
• Wrappers
• Crypters
• How Attackers Deploy a Trojan
• Exploit Kits
• Evading Anti-Virus Techniques
• Types of Trojans
o Remote Access Trojans
o Backdoor Trojans
o Botnet Trojans
o Rootkit Trojans
o E-banking Trojans
• Working of E-banking Trojans
• E-banking Trojan: ZeuS
o Proxy Server Trojans
o Covert Channel Trojans
o Defacement Trojans
o Service Protocol Trojans
o Mobile Trojans
o IoT Trojans
o Other Trojans
Virus and Worm Concepts
• Introduction to Viruses
• Stages of Virus Life
• Working of Viruses
• Indications of Virus Attack
• How does a Computer Get Infected by Viruses
• Virus Hoaxes
• Fake Antiviruses
• Ransomware
• Types of Viruses
o System and File Viruses
o Multipartite and Macro Viruses
o Cluster and Stealth Viruses
o Encryption and Sparse Infector Viruses
o Polymorphic Viruses
o Metamorphic Viruses
o Overwriting File or Cavity Viruses
o Companion/Camouflage and Shell Viruses
o File Extension Viruses
o FAT and Logic Bomb Viruses
o Web Scripting and E-mail Viruses
o Other Viruses
Creating Virus
• Computer Worms
• Worm Makers
Malware Analysis
• What is Sheep Dip Computer?
• Anti-Virus Sensor Systems
• Introduction to Malware Analysis
• Malware Analysis Procedure: Preparing Testbed
• Static Malware Analysis
o File Fingerprinting
o Local and Online Malware Scanning
o Performing Strings Search
o Identifying Packing/ Obfuscation Methods
o Finding the Portable Executables (PE) Information
o Identifying File Dependencies
o Malware Disassembly
• Dynamic Malware Analysis
o Port Monitoring
o Process Monitoring
o Registry Monitoring
o Windows Services Monitoring
o Startup Programs Monitoring
o Event Logs Monitoring/Analysis
o Installation Monitoring
o Files and Folder Monitoring
o Device Drivers Monitoring
o Network Traffic Monitoring/Analysis
o DNS Monitoring/ Resolution
o API Calls Monitoring
• Virus Detection Methods
• Trojan Analysis: ZeuS/Zbot
Virus Analysis: WannaCry
Countermeasures
• Trojan Countermeasures
• Backdoor Countermeasures
• Virus and Worms Countermeasures
Anti-Malware Software
• Anti-Trojan Software
• Antivirus Software
Malware Penetration Testing
• Malware Penetration Testing
Module 08: Sniffing
Sniffing Concepts
• Network Sniffing
• Types of Sniffing
• How an Attacker Hacks the Network Using Sniffers
• Protocols Vulnerable to Sniffing
• Sniffing in the Data Link Layer of the OSI Model
• Hardware Protocol Analyzers
• SPAN Port
• Wiretapping
• Lawful Interception
Sniffing Technique: MAC Attacks
• MAC Address/CAM Table
• How CAM Works
• What Happens When CAM Table Is Full?
• MAC Flooding
• Switch Port Stealing
• How to Defend against MAC Attacks
Sniffing Technique: DHCP Attacks
• How DHCP Works
DHCP Request/Reply Messages
• DHCP Starvation Attack
• Rogue DHCP Server Attack
• How to Defend Against DHCP Starvation and Rogue Server Attack
Sniffing Technique: ARP Poisoning
• What Is Address Resolution Protocol (ARP)?
• ARP Spoofing Attack
• Threats of ARP Poisoning
• ARP Poisoning Tools
• How to Defend Against ARP Poisoning
• Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
• ARP Spoofing Detection Tools
Sniffing Technique: Spoofing Attacks
• MAC Spoofing/Duplicating
• MAC Spoofing Technique: Windows
• MAC Spoofing Tools
• IRDP Spoofing
• How to Defend Against MAC Spoofing
Sniffing Technique: DNS Poisoning
• DNS Poisoning Techniques
o Intranet DNS Spoofing
o Internet DNS Spoofing
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
• How to Defend Against DNS Spoofing
Sniffing Tools
• Sniffing Tool: Wireshark
o Follow TCP Stream in Wireshark
o Display Filters in Wireshark
o Additional Wireshark Filters
• Sniffing Tools
Packet Sniffing Tools for Mobile
Countermeasures
• How to Defend Against Sniffing
Sniffing Detection Techniques
• How to Detect Sniffing
•Sniffer Detection Techniques
o Ping Method
o DNS Method
o ARP Method
• Promiscuous Detection Tools
Sniffing Pen Testing
• Sniffing Penetration Testing
Module 09: Social Engineering
Social Engineering Concepts
• What is Social Engineering?
• Phases of a Social Engineering Attack
Social Engineering Techniques
• Types of Social Engineering
• Human-based Social Engineering
o Impersonation
o Impersonation (Vishing)
o Eavesdropping
o Shoulder Surfing
o Dumpster Diving
o Reverse Social Engineering
o Piggybacking
o Tailgating
• Computer-based Social Engineering
o Phishing
• Mobile-based Social Engineering
•Publishing Malicious Apps
o Repackaging Legitimate Apps
o Fake Security Applications
o SMiShing (SMS Phishing)
Insider Threats
• Insider Threat / Insider Attack
• Type of Insider Threats
Impersonation on Social Networking Sites
• Social Engineering Through Impersonation on Social Networking Sites
• Impersonation on Facebook
• Social Networking Threats to Corporate Networks
Identity Theft
• Identity Theft
Countermeasures
• Social Engineering Countermeasures
• Insider Threats Countermeasures
• Identity Theft Countermeasures
• How to Detect Phishing Emails?
• Anti-Phishing Toolbar
• Common Social Engineering Targets and Defense Strategies
Social Engineering Pen Testing
• Social Engineering Pen Testing
o Using Emails
o Using Phone
o In Person
• Social Engineering Pen Testing Tools
Module 10: Denial-of-Service
DoS/DDoS Concepts
• What is a Denial-of-Service Attack?
• What is Distributed Denial-of-Service Attack?
DoS/DDoS Attack Techniques
• Basic Categories of DoS/DDoS Attack Vectors
• UDP Flood Attack
• ICMP Flood Attack
• Ping of Death and Smurf Attack
• SYN Flood Attack
• Fragmentation Attack
• HTTP GET/POST and Slowloris Attacks
• Multi-Vector Attack
•Peer-to-Peer Attacks
• Permanent Denial-of-Service Attack
•Distributed Reflection Denial-of-Service (DRDoS)
Botnets
• Organized Cyber Crime: Organizational Chart
• Botnet
• A Typical Botnet Setup
• Botnet Ecosystem
• Scanning Methods for Finding Vulnerable Machines
• How Malicious Code Propagates?
• Botnet Trojans
DDoS Case Study
• DDoS Attack
• Hackers Advertise Links to Download Botnet
• Use of Mobile Devices as Botnets for Launching DDoS Attacks
• DDoS Case Study: Dyn DDoS Attack
DoS/DDoS Attack Tools
• DoS/DDoS Attack Tools
• DoS and DDoS Attack Tool for Mobile
Countermeasures
• Detection Techniques
• DoS/DDoS Countermeasure Strategies
DDoS Attack Countermeasures
o Protect Secondary Victims
o Detect and Neutralize Handlers
o Prevent Potential Attacks
o Deflect Attacks
o Mitigate Attacks
o Post-Attack Forensics
• Techniques to Defend against Botnets
• DoS/DDoS Countermeasures
• DoS/DDoS Protection at ISP Level
• Enabling TCP Intercept on Cisco IOS Software
DoS/DDoS Protection Tools
• Advanced DDoS Protection Appliances
• DoS/DDoS Protection Tools
DoS/DDoS Penetration Testing
• Denial-of-Service (DoS) Attack Pen Testing
Module 11: Session Hijacking
Session Hijacking Concepts
• What is Session Hijacking?
• Why Session Hijacking is Successful?
• Session Hijacking Process
• Packet Analysis of a Local Session Hijack
• Types of Session Hijacking
• Session Hijacking in OSI Model
• Spoofing vs. Hijacking
Application Level Session Hijacking
• Application Level Session Hijacking
• Compromising Session IDs using Sniffing and by Predicting Session Token
o How to Predict a Session Token
• Compromising Session IDs Using Man-in-the-Middle Attack
• Compromising Session IDs Using Man-in-the-Browser Attack
o Steps to Perform Man-in-the-Browser Attack
• Compromising Session IDs Using Client-side Attacks
• Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
•Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
• Compromising Session IDs Using Session Replay Attack
•Compromising Session IDs Using Session Fixation
• Session Hijacking Using Proxy Servers
• Session Hijacking Using CRIME Attack
• Session Hijacking Using Forbidden Attack
Network Level Session Hijacking
• TCP/IP Hijacking
• IP Spoofing: Source Routed Packets
• RST Hijacking
• Blind Hijacking
• UDP Hijacking
• MiTM Attack Using Forged ICMP and ARP Spoofing
Session Hijacking Tools
• Session Hijacking Tools
•Session Hijacking Tools for Mobile
Countermeasures
• Session Hijacking Detection Methods
• Protecting against Session Hijacking
• Methods to Prevent Session Hijacking: To be Followed by Web Developers
• Methods to Prevent Session Hijacking: To be Followed by Web Users
• Session Hijacking Detection Tools
• Approaches Vulnerable to Session Hijacking and their Preventative Solutions
• Approaches to Prevent Session Hijacking
• IPSec
o Components of IPsec
o Benefits of IPsec
Modes of IPsec
o IPsec Architecture
o IPsec Authentication and Confidentiality
• Session Hijacking Prevention Tools
Penetration Testing
• Session Hijacking Pen Testing
Module 12: Evading IDS, Firewalls, and Honeypots
IDS, Firewall and Honeypot Concepts
• Intrusion Detection System (IDS)
o How IDS Detects an Intrusion
o General Indications of Intrusions
o Types of Intrusion Detection Systems
o Types of IDS Alerts
• Firewall
o Firewall Architecture
o DeMilitarized Zone (DMZ)
o Types of Firewalls
o Firewall Technologies
• Packet Filtering Firewall
• Circuit-Level Gateway Firewall
• Application-Level Firewall
• Stateful Multilayer Inspection Firewall
• Application Proxy
• Network Address Translation (NAT)
• Virtual Private Network
o Firewall Limitations
• Honeypot
o Types of Honeypots
IDS, Firewall and Honeypot Solutions
• Intrusion Detection Tool
Snort
• Snort Rules
• Snort Rules: Rule Actions and IP Protocols
• Snort Rules: The Direction Operator and IP Addresses
• Snort Rules: Port Numbers
o Intrusion Detection Tools: TippingPoint and AlienVault® OSSIM™
o Intrusion Detection Tools
o Intrusion Detection Tools for Mobile
• Firewalls
o ZoneAlarm Free Firewall 2018 and Firewall Analyzer
o Firewalls
o Firewalls for Mobile
• Honeypot Tools
o KFSensor and SPECTER
o Honeypot Tools
o Honeypot Tools for Mobile
Evading IDS
• IDS Evasion Techniques
o Insertion Attack
o Evasion
o Denial-of-Service Attack (DoS)
o Obfuscating
o False Positive Generation
o Session Splicing
o Unicode Evasion
o Fragmentation Attack
o Overlapping Fragments
o Time-To-Live Attacks
o Invalid RST Packets
o Urgency Flag
o Polymorphic Shellcode
ASCII Shellcode
o Application-Layer Attacks
o Desynchronization
o Other Types of Evasion
Evading Firewalls
• Firewall Evasion Techniques
o Firewall Identification
o IP Address Spoofing
o Source Routing
o Tiny Fragments
o Bypass Blocked Sites Using IP Address in Place of URL
o Bypass Blocked Sites Using Anonymous Website Surfing Sites
o Bypass a Firewall Using Proxy Server
o Bypassing Firewall through ICMP Tunneling Method
o Bypassing Firewall through ACK Tunneling Method
o Bypassing Firewall through HTTP Tunneling Method
• Why do I Need HTTP Tunneling
• HTTP Tunneling Tools
o Bypassing Firewall through SSH Tunneling Method
• SSH Tunneling Tool: Bitvise and Secure Pipes
o Bypassing Firewall through External Systems
o Bypassing Firewall through MITM Attack
o Bypassing Firewall through Content
o Bypassing WAF using XSS Attack
IDS/Firewall Evading Tools
• IDS/Firewall Evasion Tools
• Packet Fragment Generator Tools
Detecting Honeypots
• Detecting Honeypots
• Detecting and Defeating Honeypots
• Honeypot Detection Tool: Send-Safe Honeypot Hunter
IDS/Firewall Evasion Countermeasures
• How to Defend Against IDS Evasion
• How to Defend Against Firewall Evasion
Penetration Testing
• Firewall/IDS Penetration Testing
o Firewall Penetration Testing
o IDS Penetration Testing
Module 13: Hacking Web Servers
Web Server Concepts
• Web Server Operations
•Open Source Web Server Architecture
• IIS Web Server Architecture
• Web Server Security Issue
• Why Web Servers Are Compromised?
• Impact of Web Server Attacks
Web Server Attacks
• DoS/DDoS Attacks
• DNS Server Hijacking
• DNS Amplification Attack
• Directory Traversal Attacks
• Man-in-the-Middle/Sniffing Attack
• Phishing Attacks
• Website Defacement
• Web Server Misconfiguration
• HTTP Response Splitting Attack
• Web Cache Poisoning Attack
• SSH Brute Force Attack
• Web Server Password Cracking
• Web Application Attacks
Web Server Attack Methodology
• Information Gathering
o Information Gathering from Robots.txt File
• Web Server Footprinting/Banner Grabbing
o Web Server Footprinting Tools
o Enumerating Web Server Information Using Nmap
• Website Mirroring
o Finding Default Credentials of Web Server
o Finding Default Content of Web Server
o Finding Directory Listings of Web Server
• Vulnerability Scanning
o Finding Exploitable Vulnerabilities
• Session Hijacking
• Web Server Passwords Hacking
• Using Application Server as a Proxy
Web Server Attack Tools
• Metasploit
o Metasploit Exploit Module
o Metasploit Payload and Auxiliary Module
o Metasploit NOPS Module
• Web Server Attack Tools
Countermeasures
• Place Web Servers in Separate Secure Server Security Segment on Network
• Countermeasures
o Patches and Updates
o Protocols
o Accounts
o Files and Directories
• Detecting Web Server Hacking Attempts
• How to Defend Against Web Server Attacks
• How to Defend against HTTP Response Splitting and Web Cache Poisoning
• How to Defend against DNS Hijacking
Patch Management
• Patches and Hotfixes
• What is Patch Management
• Installation of a Patch
• Patch Management Tools
Web Server Security Tools
• Web Application Security Scanners
• Web Server Security Scanners
• Web Server Security Tools
Web Server Pen Testing
• Web Server Penetration Testing
• Web Server Pen Testing Tools
Module 14: Hacking Web Applications
Web App Concepts
• Introduction to Web Applications
• Web Application Architecture
• Web 2.0 Applications
• Vulnerability Stack
Web App Threats
• OWASP Top 10 Application Security Risks – 2017
o A1 — Injection Flaws
• SQL Injection Attacks
•Command Injection Attacks
• Command Injection Example
• File Injection Attack
• LDAP Injection Attacks
o A2 — Broken Authentication
o A3 — Sensitive Data Exposure
o A4 — XML External Entity (XXE)
A5 — Broken Access Control
o A6 — Security Misconfiguration
o A7 — Cross-Site Scripting (XSS) Attacks
• Cross-Site Scripting Attack Scenario: Attack via Email
• XSS Attack in Blog Posting
• XSS Attack in Comment Field
• Websites Vulnerable to XSS Attack
o A8 — Insecure Deserialization
o A9 — Using Components with Known Vulnerabilities
o A10 — Insufficient Logging and Monitoring
• Other Web Application Threats
o Directory Traversal
o Unvalidated Redirects and Forwards
o Watering Hole Attack
o Cross-Site Request Forgery (CSRF) Attack
o Cookie/Session Poisoning
o Web Services Architecture
o Web Services Attack
o Web Services Footprinting Attack
o Web Services XML Poisoning
o Hidden Field Manipulation Attack
Hacking Methodology
• Web App Hacking Methodology
• Footprint Web Infrastructure
o Server Discovery
o Service Discovery
o Server Identification/Banner Grabbing
o Detecting Web App Firewalls and Proxies on Target Site
o Hidden Content Discovery
o Web Spidering Using Burp Suite
o Web Crawling Using Mozenda Web Agent Builder
Attack Web Servers
• Analyze Web Applications
o Identify Entry Points for User Input
o Identify Server- Side Technologies
o Identify Server- Side Functionality
o Map the Attack Surface
• Bypass Client-Side Controls
o Attack Hidden Form Fields
o Attack Browser Extensions
o Perform Source Code Review
• Attack Authentication Mechanism
o User Name Enumeration
o Password Attacks: Password Functionality Exploits
o Password Attacks: Password Guessing and Brute-forcing
o Session Attacks: Session ID Prediction/Brute-forcing
o Cookie Exploitation: Cookie Poisoning
• Attack Authorization Schemes
o HTTP Request Tampering
o Cookie Parameter Tampering
• Attack Access Controls
• Attack Session Management Mechanism
o Attacking Session Token Generation Mechanism
o Attacking Session Tokens Handling Mechanism: Session Token Sniffing
• Perform Injection/Input Validation Attacks
• Attack Application Logic Flaws
• Attack Database Connectivity
o Connection String Injection
o Connection String Parameter Pollution (CSPP) Attacks
o Connection Pool DoS
• Attack Web App Client
• Attack Web Services
Web Services Probing Attacks
o Web Service Attacks: SOAP Injection
o Web Service Attacks: XML Injection
o Web Services Parsing Attacks
o Web Service Attack Tools
Web App Hacking Tools
• Web Application Hacking Tools
Countermeasures
• Web Application Fuzz Testing
• Source Code Review
• Encoding Schemes
• How to Defend Against Injection Attacks
• Web Application Attack Countermeasures
• How to Defend Against Web Application Attacks
Web App Security Testing Tools
• Web Application Security Testing Tools
• Web Application Firewall
Web App Pen Testing
• Web Application Pen Testing
o Information Gathering
o Configuration Management Testing
o Authentication Testing
o Session Management Testing
o Authorization Testing
o Data Validation Testing
o Denial-of-Service Testing
o Web Services Testing
o AJAX Testing
• Web Application Pen Testing Framework
Module 15: SQL Injection
SQL Injection Concepts
• What is SQL Injection?
• SQL Injection and Server-side Technologies
• Understanding HTTP POST Request
• Understanding Normal SQL Query
• Understanding an SQL Injection Query
• Understanding an SQL Injection Query – Code Analysis
• Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx
• Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
• Examples of SQL Injection
Types of SQL Injection
• Types of SQL injection
o In-Band SQL Injection
• Error Based SQL Injection
• Union SQL Injection
o Blind/Inferential SQL Injection
• No Error Messages Returned
• Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
• Blind SQL Injection: Boolean Exploitation and Heavy Query
o Out-of-Band SQL injection
SQL Injection Methodology
• SQL Injection Methodology
o Information Gathering and SQL Injection Vulnerability Detection
• Information Gathering
• Identifying Data Entry Paths
• Extracting Information through Error Messages
• Testing for SQL Injection
• Additional Methods to Detect SQL Injection
• SQL Injection Black Box Pen Testing
• Source Code Review to Detect SQL Injection Vulnerabilities
Testing for Blind SQL Injection Vulnerability in MySQL and MSSQL
o Launch SQL Injection Attacks
• Perform Union SQL Injection
•Perform Error Based SQL Injection
• Perform Error Based SQL Injection using Stored Procedure Injection
• Bypass Website Logins Using SQL Injection
• Perform Blind SQL Injection – Exploitation (MySQL)
• Blind SQL Injection — Extract Database User
• Blind SQL Injection — Extract Database Name
• Blind SQL Injection — Extract Column Name
• Blind SQL Injection — Extract Data from ROWS
• Perform Double Blind SQL Injection – Classical Exploitation (MySQL)
• Perform Blind SQL Injection Using Out of Band Exploitation Technique
• Exploiting Second-Order SQL Injection
• Bypass Firewall using SQL Injection
• Perform SQL Injection to Insert a New User and Update Password
• Exporting a Value with Regular Expression Attack
o Advanced SQL Injection
• Database, Table, and Column Enumeration
• Advanced Enumeration
• Features of Different DBMSs
• Creating Database Accounts
• Password Grabbing
• Grabbing SQL Server Hashes
• Extracting SQL Hashes (In a Single Statement
• Transfer Database to Attacker’s Machine
• Interacting with the Operating System
• Interacting with the File System
• Network Reconnaissance Using SQL Injection
• Network Reconnaissance Full Query
Finding and Bypassing Admin Panel of a Website
• PL/SQL Exploitation
• Creating Server Backdoors using SQL Injection
SQL Injection Tools
• SQL Injection Tools
o SQL Power Injector and sqlmap
o The Mole and jSQL Injection
• SQL Injection Tools
•SQL Injection Tools for Mobile
Evasion Techniques
• Evading IDS
• Types of Signature Evasion Techniques
o In-line Comment
o Char Encoding
o String Concatenation
o Obfuscated Codes
o Manipulating White Spaces
o Hex Encoding
o Sophisticated Matches
o URL Encoding
o Null Byte
o Case Variation
o Declare Variable
o IP Fragmentation
Countermeasures
• How to Defend Against SQL Injection Attacks
o Use Type-Safe SQL Parameters
• SQL Injection Detection Tools
o IBM Security AppScan and Acunetix Web Vulnerability Scanner
o Snort Rule to Detect SQL Injection Attacks
• SQL Injection Detection Tools
Module 16: Hacking Wireless Networks
Wireless Concepts
• Wireless Terminologies
• Wireless Networks
•Wireless Standards
• Service Set Identifier (SSID)
• Wi-Fi Authentication Modes
• Wi-Fi Authentication Process Using a Centralized Authentication Server
• Types of Wireless Antennas
Wireless Encryption
• Types of Wireless Encryption
o WEP (Wired Equivalent Privacy) Encryption
o WPA (Wi-Fi Protected Access) Encryption
o WPA2 (Wi-Fi Protected Access 2) Encryption
• WEP vs. WPA vs. WPA2
• WEP Issues
• Weak Initialization Vectors (IV)
Wireless Threats
• Wireless Threats
o Rogue Access Point Attack
o Client Mis-association
o Misconfigured Access Point Attack
o Unauthorized Association
o Ad Hoc Connection Attack
o Honeypot Access Point Attack
o AP MAC Spoofing
o Denial-of-Service Attack
o Key Reinstallation Attack (KRACK)
o Jamming Signal Attack
• Wi-Fi Jamming Devices
Wireless Hacking Methodology
• Wireless Hacking Methodology
o Wi-Fi Discovery
• Footprint the Wireless Network
• Find Wi-Fi Networks in Range to Attack
• Wi-Fi Discovery Tools
• Mobile-based Wi-Fi Discovery Tools
o GPS Mapping
•GPS Mapping Tools
• Wi-Fi Hotspot Finder Tools
• How to Discover Wi-Fi Network Using Wardriving
o Wireless Traffic Analysis
• Choosing the Right Wi-Fi Card
• Wi-Fi USB Dongle: AirPcap
• Wi-Fi Packet Sniffer
• Perform Spectrum Analysis
o Launch Wireless Attacks
• Aircrack-ng Suite
•How to Reveal Hidden SSIDs
•Fragmentation Attack
• How to Launch MAC Spoofing Attack
• Denial-of-Service: Disassociation and Deauthentication Attacks
• Man-in-the-Middle Attack
• MITM Attack Using Aircrack-ng
• Wireless ARP Poisoning Attack
• Rogue Access Points
• Evil Twin
• How to Set Up a Fake Hotspot (Evil Twin)
o Crack Wi-Fi Encryption
• How to Break WEP Encryption
How to Crack WEP Using Aircrack-ng
• How to Break WPA/WPA2 Encryption
• How to Crack WPA-PSK Using Aircrack-ng
• WEP Cracking and WPA Brute Forcing Using Cain & Abel
Wireless Hacking Tools
• WEP/WPA Cracking Tools
• WEP/WPA Cracking Tool for Mobile
• Wi-Fi Sniffer
• Wi-Fi Traffic Analyzer Tools
• Other Wireless Hacking Tools
Bluetooth Hacking
• Bluetooth Stack
• Bluetooth Hacking
• Bluetooth Threats
• How to BlueJack a Victim
• Bluetooth Hacking Tools
Countermeasures
• Wireless Security Layers
• How to Defend Against WPA/WPA2 Cracking
• How to Defend Against KRACK Attacks
• How to Detect and Block Rogue AP
• How to Defend Against Wireless Attacks
• How to Defend Against Bluetooth Hacking
Wireless Security Tools
• Wireless Intrusion Prevention Systems
• Wireless IPS Deployment
• Wi-Fi Security Auditing Tools
• Wi-Fi Intrusion Prevention System
• Wi-Fi Predictive Planning Tools
• Wi-Fi Vulnerability Scanning Tools
• Bluetooth Security Tools
Wi-Fi Security Tools for Mobile
Wireless Pen Testing
• Wireless Penetration Testing
• Wireless Penetration Testing Framework
o Pen Testing for General Wi-Fi Network Attack
o Pen Testing WEP Encrypted WLAN
o Pen Testing WPA/WPA2 Encrypted WLAN
o Pen Testing LEAP Encrypted WLAN
o Pen Testing Unencrypted WLAN
Module 17: Hacking Mobile Platforms
Mobile Platform Attack Vectors
• Vulnerable Areas in Mobile Business Environment
• OWASP Top 10 Mobile Risks — 2016
• Anatomy of a Mobile Attack
• How a Hacker can Profit from Mobile when Successfully Compromised
• Mobile Attack Vectors and Mobile Platform Vulnerabilities
• Security Issues Arising from App Stores
• App Sandboxing Issues
• Mobile Spam
• SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
o SMS Phishing Attack Examples
• Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
Hacking Android OS
• Android OS
o Android Device Administration API
• Android Rooting
o Rooting Android Using KingoRoot
o Android Rooting Tools
• Blocking Wi-Fi Access using NetCut
• Hacking with zANTI
Hacking Networks Using Network Spoofer
• Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
• Performing Session Hijacking Using DroidSheep
• Hacking with Orbot Proxy
• Android-based Sniffers
• Android Trojans
• Securing Android Devices
• Android Security Tool: Find My Device
• Android Security Tools
• Android Vulnerability Scanner
• Android Device Tracking Tools
Hacking iOS
• Apple iOS
• Jailbreaking iOS
o Jailbreaking Techniques
o Jailbreaking of iOS 11.2.1 Using Cydia
o Jailbreaking of iOS 11.2.1 Using Pangu Anzhuang
o Jailbreaking Tools
• iOS Trojans
• Guidelines for Securing iOS Devices
• iOS Device Tracking Tools
• iOS Device Security Tools
Mobile Spyware
• Mobile Spyware
• Mobile Spyware: mSpy
• Mobile Spywares
Mobile Device Management
• Mobile Device Management (MDM)
• Mobile Device Management Solutions
• Bring Your Own Device (BYOD)
o BYOD Risks
•BYOD Policy Implementation
o BYOD Security Guidelines
Mobile Security Guidelines and Tools
• General Guidelines for Mobile Platform Security
• Mobile Device Security Guidelines for Administrator
• SMS Phishing Countermeasures
• Mobile Protection Tools
• Mobile Anti-Spyware
Mobile Pen Testing
• Android Phone Pen Testing
• iPhone Pen Testing
• Mobile Pen Testing Toolkit: Hackode
Module 18: IoT Hacking
IoT Concepts
• What is IoT
• How IoT Works
• IoT Architecture
• IoT Application Areas and Devices
• IoT Technologies and Protocols
• IoT Communication Models
• Challenges of IoT
• Threat vs Opportunity
IoT Attacks
• IoT Security Problems
• OWASP Top 10 IoT Vulnerabilities and Obstacles
• IoT Attack Surface Areas
• IoT Threats
• Hacking IoT Devices: General Scenario
• IoT Attacks
o DDoS Attack
•Exploit HVAC
o Rolling Code Attack
o BlueBorne Attack
o Jamming Attack
o Hacking Smart Grid / Industrial Devices: Remote Access using Backdoor
o Other IoT Attacks
• IoT Attacks in Different Sectors
• Case Study: Dyn Attack
IoT Hacking Methodology
• What is IoT Device Hacking?
• IoT Hacking Methodology
o Information Gathering Using Shodan
o Information Gathering using MultiPing
o Vulnerability Scanning using Nmap
o Vulnerability Scanning using RIoT Vulnerability Scanner
o Sniffing using Foren6
o Rolling code Attack using RFCrack
o Hacking Zigbee Devices with Attify Zigbee Framework
o BlueBorne Attack Using HackRF One
o Gaining Remote Access using Telnet
o Maintain Access by Exploiting Firmware
IoT Hacking Tools
• Information Gathering Tools
• Sniffing Tools
• Vulnerability Scanning Tools
• IoT Hacking Tools
Countermeasures
• How to Defend Against IoT Hacking
• General Guidelines for IoT Device Manufacturing Companies
• OWASP Top 10 IoT Vulnerabilities Solutions
• IoT Framework Security Considerations
• IoT Security Tools
IoT Pen Testing
• IoT Pen Testing
Module 19: Cloud Computing
Cloud Computing Concepts
• Introduction to Cloud Computing
• Separation of Responsibilities in Cloud
• Cloud Deployment Models
• NIST Cloud Deployment Reference Architecture
• Cloud Computing Benefits
• Understanding Virtualization
Cloud Computing Threats
• Cloud Computing Threats
Cloud Computing Attacks
• Service Hijacking using Social Engineering Attacks
• Service Hijacking using Network Sniffing
• Session Hijacking using XSS Attack
• Session Hijacking using Session Riding
• Domain Name System (DNS) Attacks
• Side Channel Attacks or Cross-guest VM Breaches
• SQL Injection Attacks
• Cryptanalysis Attacks
• Wrapping Attack
• Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
• Man-in-the-Cloud Attack
Cloud Security
• Cloud Security Control Layers
• Cloud Security is the Responsibility of both Cloud Provider and Consumer
• Cloud Computing Security Considerations
• Placement of Security Controls in the Cloud
• Best Practices for Securing Cloud
• NIST Recommendations for Cloud Security
• Organization/Provider Cloud Security Compliance Checklist
Cloud Security Tools
• Cloud Security Tools
Cloud Penetration Testing
• What is Cloud Pen Testing?
• Key Considerations for Pen Testing in the Cloud
• Cloud Penetration Testing
• Recommendations for Cloud Testing
Module 20: Cryptography
Cryptography Concepts
• Cryptography
o Types of Cryptography
• Government Access to Keys (GAK)
Encryption Algorithms
• Ciphers
• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)
• RC4, RC5, and RC6 Algorithms
• Twofish
• The DSA and Related Signature Schemes
• Rivest Shamir Adleman (RSA)
• Diffie-Hellman
• Message Digest (One-Way Hash) Functions
o Message Digest Function: MD5
o Secure Hashing Algorithm (SHA)
o RIPEMD — 160
o HMAC
Cryptography Tools
• MD5 Hash Calculators
• Hash Calculators for Mobile
• Cryptography Tools
o Advanced Encryption Package 2017
o BCTextEncoder
o Cryptography Tools
• Cryptography Tools for Mobile
Public Key Infrastructure (PKI)
• Public Key Infrastructure (PKI)
o Certification Authorities
o Signed Certificate (CA) Vs. Self Signed Certificate
Email Encryption
•Digital Signature
• Secure Sockets Layer (SSL)
• Transport Layer Security (TLS)
• Cryptography Toolkit
• OpenSSL
• Keyczar
• Pretty Good Privacy (PGP)
Disk Encryption
• Disk Encryption
• Disk Encryption Tools
o VeraCrypt
o Symantec Drive Encryption
o Disk Encryption Tools
Cryptanalysis
• Cryptanalysis Methods
o Linear Cryptanalysis
o Differential Cryptanalysis
o Integral Cryptanalysis
Code Breaking Methodologies
• Cryptography Attacks
o Brute-Force Attack
o Birthday Attack
• Birthday Paradox: Probability
o Meet-in-the-Middle Attack on Digital Signature Schemes
o Side Channel Attack
o Hash Collision Attack
o DUHK Attack
o Rainbow Table Attack
• Cryptanalysis Tools
• Online MD5 Decryption Tools
Countermeasures
• How to Defend Against Cryptographic Attacks