EC-Council CEH V - ItSM Solutions

2y ago
16 Views
2 Downloads
350.05 KB
29 Pages
Last View : 1m ago
Last Download : 5m ago
Upload by : Philip Renner
Transcription

EC-Council CEH v.7Course Introduction5mCourse IntroductionModule 00 - Student Introduction5mStudent IntroductionCourse MaterialsCEHv7 Course OutlineEC-Council Certification ProgramCertified Ethical Hacker TrackCEHv7 Exam InformationLab SessionsWhat Does CEH Teach You?What CEH is NOT?Remember This!CEH Class SpeedLive Hacking WebsiteLet’s Start Hacking!Module 01 - Introduction to Ethical HackingModule Flow: Info Security OverviewSecurity NewsCase StudyScenario: How Simple Things Can Get You into Trouble?Internet Crime Current Report: IC3Data Breach Investigations ReportTypes of Data Stolen From the OrganizationsEssential TerminologiesElements of Information SecurityAuthenticity and Non-RepudiationThe Security, Functionality, and Usability TriangleSecurity ChallengesModule Flow: Hacking ConceptsEffects of HackingEffects of Hacking on BusinessWho is a Hacker?Hacker ClassesHacktivismModule Flow: Hacking PhasesWhat Does a Hacker Do?Phase 1 - ReconnaissancePhase 2 - ScanningPhase 3 - Gaining AccessPhase 4 - Maintaining AccessPhase 5 - Covering TracksModule Flow: Types of AttacksTypes of Attacks on a SystemOperating System AttacksApplication-Level AttacksShrink Wrap Code AttacksMisconfiguration AttacksModule Flow: Ethical HackingWhy Ethical Hacking is Necessary?Defense in Depth1h

Scope and Limitations of Ethical HackingWhat Do Ethical Hackers Do?Skills of an Ethical HackerModule Flow: Vulnerability ResearchVulnerability ResearchVulnerability Research WebsitesDemo - Vulnerability Research WebsiteWhat is Penetration Testing?Why Penetration Testing?Penetration Testing MethodologyQuotesModule 01 ReviewModule 02 - Footprinting and ReconnaissanceModule Flow: Footprinting ConceptsSecurity NewsFootprinting TerminologiesWhat is Footprinting?Objectives of FootprintingModule Flow: Footprinting ThreatsFootprinting ThreatsModule Flow: Footprinting MethodologyFootprinting Methodology: Internet FootprintingFinding a Company's URLLocate Internal URLsPublic and Restricted WebsitesSearch for Company's InformationTools to Extract Company's DataFootprinting Through Search EnginesDemo - Footprinting Through Search EnginesCollect Location InformationSatellite Picture of a ResidencePeople SearchPeople Search Using http://pipl.comPeople Search Online ServicesDemo - People Search Using Online ServicesPeople Search on Social Networking ServicesGather Information from Financial ServicesFootprinting Through Job SitesMonitoring Target Using AlertsFootprinting Methodology: Competitive IntelligenceCompetitive Intelligence GatheringCompetitive Intelligence - When Did this Company Begin? How Did it Develop?Competitive Intelligence - What are the Company's Plans?Competitive Intelligence - What Expert Opinion Say About the Company?Competitive Intelligence ToolsCompetitive Intelligence Consulting CompaniesFootprinting Methodology: WHOIS FootprintingWHOIS LookupWHOIS Lookup Result AnalysisWHOIS Lookup Tools: SmartWhoisDemo - SmartWhoisWHOIS Lookup ToolsWHOIS Lookup Online ToolsFootprinting Methodology: DNS FootprintingExtracting DNS Information2h 23m

Demo - DNS OverviewDNS Interrogation ToolsDNS Interrogation Online ToolsFootprinting Methodology: Network FootprintingLocate the Network RangeTracerouteTraceroute AnalysisTraceroute Tool: 3D TracerouteTraceroute Tool: LoriotProTraceroute Tool: Path Analyzer ProTraceroute ToolsFootprinting Methodology: Website FootprintingMirroring Entire WebsiteDemo - HTTrack and Website WatcherWebsite Mirroring ToolsMirroring Entire Website ToolsExtract Website Information from http://www.archive.orgMonitoring Web Updates Using Website WatcherFootprinting Methodology: E-mail FootprintingTracking Email CommunicationsEmail Tracking ToolsDemo - Tracking Emails with ReadNotifyFootprinting Methodology: Google HackingFootprint Using Google Hacking TechniquesWhat a Hacker Can Do With Google Hacking?Google Advance Search OperatorsFinding Resources using Google Advance OperatorDemo - Google HackingGoogle Hacking Tool: Google Hacking Database (GHDB)Google Hacking ToolsModule Flow: Footprinting ToolsAdditional Footprinting ToolsModule Flow: Footprinting CountermeasuresFootprinting CountermeasuresModule Flow: Footprinting Pen TestingFootprinting Pen TestingQuotesModule 02 SummaryModule 03 - Scanning NetworksScanning NetworksSecurity NewsNetwork ScanningTypes of ScanningCEH Scanning Methodology: Check for Live SystemChecking for Live Systems - ICMP ScanningPing SweepPing Sweep ToolsDemo - Angry IPCEH Scanning Methodology: Check for Open PortsThree-Way HandshakeTPC Communication FlagsCreate Custom Packet using TCP FlagsHping2/Hping3Hping3 ScreenshotHping Commands1h 44m

Scanning TechniquesTCP Connect/Full Open ScanStealth Scan (Half-open Scan)Xmas ScanFIN ScanNULL ScanIDLE ScanIDLE Scan: Step 1IDLE Scan: Step 2.1 (Open Port)IDLE Scan: Step 2.2 (Closed Port)IDLE Scan: Step 3ICMP Echo Scanning/List ScanSYN/FIN Scanning Using IP FragmentsUDP ScanningInverse TCP Flag ScanningACK Flag ScanningScanning: IDS Evasion TechniquesIP Fragmentation ToolsScanning Tool: NmapNmapDemo - NmapScanning Tool: NetScan Tools ProScanning ToolsDo Not Scan These IP AddressesScanning CountermeasuresWar DialingWhy War Dialing?War Dialing ToolsWar Dialing CountermeasuresWar Dialing Countermeasures: SandTrap ToolCEH Scanning Methodology: Banner GrabbingOS FingerprintingActive Banner Grabbing Using TelnetDemo - Banner Grabbing Using TelnetBanner Grabbing Tool: ID ServeGET REQUESTSBanner Grabbing Tool: NetcraftDemo - Footprinting Webservers Using NetcraftBanner Grabbing ToolsBanner Grabbing Countermeasures: Disabling or Changing BannerHiding File ExtensionsHiding File Extensions from WebpagesCEH Scanning Methodology: Scan for VulnerabilityVulnerability ScanningNessus: ScreenshotDemo - Vulnerability Scanning with NessusVulnerability Scanning Tool: SAINTGFI LANGuardNetwork Vulnerability ScannersCEH Scanning Methodology: Draw Network DiagramsLANsurveyorLANsurveyor: ScreenshotNetwork MappersCEH Scanning Methodology: Prepare ProxiesProxy ServersWhy Attackers Use Proxy Servers?

Use of Proxies for AttackHow Does MultiProxy Work?Free Proxy ServersProxy WorkbenchProxifier Tool: Create Chain of Proxy ServersSocksChainTOR (The Onion Routing)TOR Proxy Chaining SoftwareHTTP Tunneling TechniquesWhy do I Need HTTP Tunneling?Super Network Tunnel ToolHttptunnel for WindowsAdditional HTTP Tunneling ToolsSSH TunnelingSSL Proxy ToolHow to Run SSL Proxy?Proxy ToolsAnonymizersTypes of AnonymizersCase: Bloggers Write Text Backwards to Bypass Web Filters in ChinaText Conversion to Avoid FiltersCensorship Circumvention Tool: PsiphonHow Psiphon Works?Psiphon: ScreenshotHow to Check if Your Website is Blocked in China or Not?G-ZapperAnonymizers (Cont.)Spoofing IP AddressIP Spoofing Detection Techniques: Direct TTL ProbesIP Spoofing Detection Techniques: IP Identification NumberIP Spoofing Detection Techniques: TCP Flow Control MethodIP Spoofing CountermeasuresScanning Penetration TestingScanning Pen TestingQuotesModule 03 ReviewModule 04 - EnumerationModule Flow: Enumeration ConceptsSecurity NewsWhat is Enumeration?Techniques of EnumerationModule Flow: NetBIOS EnumerationNetbios EnumerationNetBIOS Enumeration Tool: SuperScanDemo - Enumerating Users Using Null SessionsNetBIOS Enumeration Tool: NetBIOS EnumeratorEnumerating User AccountsEnumerate Systems Using Default PasswordsModule Flow: SNMP EnumerationSNMP (Simple Network Management Protocol) EnumerationManagement Information Base (MIB)SNMP Enumeration Tool: OpUtils Network Monitoring ToolsetSNMP Enumeration Tool: SolarWindsDemo - SNMP Enumeration with Solar WindsSNMP Enumeration Tools48m

Module Flow: UNIX/Linux EnumerationUNIX/Linux EnumerationLinux Enumeration Tool: Enum4linuxModule Flow: LDAP EnumerationLDAP EnumerationLDAP Enumeration Tool: JXplorerLDAP Enumeration ToolModule Flow: NTP EnumerationNTP EnumerationNTP Server Discovery Tool: NTP Server ScannerNTP Server: PresenTense Time ServerNTP Enumeration ToolsModule Flow: SMTP EnumerationSMTP EnumerationSMTP Enumeration Tool: NetScanTools ProModule Flow: DNS EnumerationDNS Zone Transfer Enumeration Using nslookupDemo - Enumerating DNS Using nslookupDNS Analyzing and Enumeration Tool: The Men & Mice SuiteModule Flow: Enumeration CountermeasuresEnumeration CountermeasuresSMB Enumeration CountermeasuresModule Flow: Enumeration Pen TestingEnumeration Pen TestingQuotesModule 04 ReviewModule 05 - System HackingSystem HackingSecurity NewsInformation at Hand Before System Hacking StageSystem Hacking: GoalsCEH Hacking Methodology (CHM)CEH System Hacking Steps: Cracking PasswordsPassword CrackingPassword ComplexityPassword Cracking TechniquesDemo - Password Cracking with CainTypes of Password AttacksPassive Online Attacks: Wire SniffingPassword SniffingPassive Online Attack: Man-in-the-Middle and Replay AttackActive Online Attack: Password GuessingActive Online Attack: Trojan/Spyware/KeyloggerActive Online Attack: Hash Injection AttackRainbow Attacks: Pre-Computed HashDistributed Network AttackElcomsoft Distributed Password RecoveryDemo - Distributed Password Cracking with ElcomsoftNon-Electronic AttacksDemo - SpytectorDefault PasswordsManual Password Cracking (Guessing)Automatic Password Cracking AlgorithmStealing Passwords Using USB DriveMicrosoft Authentication2h 40m

How Hash Passwords are Stored in Windows SAM?What is LAN Manager Hash?LM "Hash" GenerationLM, NTLMv1, and NTLMv2NTLM Authentication ProcessKerberos AuthenticationSaltingPWdump7 and FgdumpL0phtCrackOphcrackCain & AbelRainbowCrackPassword Cracking ToolsLM Hash Backward CompatibilityHow to Disable LM HASH?How to Defend against Password Cracking?Implement and Enforce Strong Security PolicyCEH System Hacking Steps: Escalating PrivilegesPrivilege EscalationEscalation of PrivilegesActive@Password ChangerPrivilege Escalation ToolsHow to Defend against Privilege Escalation?CEH System Hacking Steps: Executing ApplicationsExecuting ApplicationsAlchemy Remote ExecutorRemoteExecExecute This!KeyloggerTypes of Keystroke LoggersAcoustic/CAM KeyloggerKeylogger: Advanced KeyloggerKeylogger: Spytech SpyAgentKeylogger: Perfect KeyloggerKeylogger: Powered KeyloggerKeylogger for Mac: Aobo Mac OS X KeyLoggerKeylogger for Mac: Perfect Keylogger for MacHardware Keylogger: KeyGhostKeyloggersSpywareWhat Does the Spyware Do?Types of SpywaresDesktop SpywareDesktop Spyware: Activity MonitorDesktop Spyware (Cont.)Email and Internet SpywareEmail and Internet Spyware: eBLASTERInternet and E-mail SpywareChild Monitoring SpywareChild Monitoring Spyware: Advanced Parental ControlChild Monitoring Spyware (Cont.)Screen Capturing SpywareScreen Capturing Spyware: Spector ProScreen Capturing Spyware (Cont.)USB SpywareUSB Spyware: USBDumper

USB Spyware (Cont.)Audio SpywareAudio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice RecorderVideo SpywareVideo Spyware: Net Video SpyVideo Spyware (Cont.)Print SpywarePrint Spyware: Printer Activity MonitorPrint Spyware (Cont.)Telephone/Cellphone SpywareCellphone Spyware: Mobile SpyTelephone/Cellphone Spyware (Cont.)GPS SpywareGPS Spyware: GPS TrackMakerGPS Spyware (Cont.)How to Defend against Keyloggers?Anti-KeyloggerAnti-Keylogger: Zemana AntiLoggerAnti-KeyloggersHow to Defend against Spyware?Anti-Spyware: Spyware DoctorAnti-SpywaresCEH System Hacking Steps: Hiding FilesRootkitsTypes of RootkitsHow Rootkit Works?Rootkit: FuDemo - Fu RootkitDetecting RootkitsSteps for Detecting RootkitsHow to Defend against Rootkits?Anti-Rootkit: RootkitRevealer and McAfee Rootkit DetectiveAnti-RootkitsNTFS Data StreamHow to Create NTFS Streams?NTFS Stream ManipulationHow to Defend against NTFS Streams?Demo - Creating Alternate Data StreamsNTFS Stream Detector: ADS Scan EngineNTFS Stream DetectorsWhat is Steganography?Steganography TechniquesHow Steganography Works?Types of SteganographyWhitespace Steganography Tool: SNOWImage SteganographyImage Steganography: Hermetic StegoImage Steganography ToolsDocument Steganography: wbStegoDocument Steganography ToolsVideo Steganography: Our SecretVideo Steganography ToolsAudio Steganography: Mp3stegzAudio Steganography ToolsFolder Steganography: Invisible Secrets 4Demo - Steganography

Folder Steganography ToolsSpam/Email Steganography: Spam MimicNatural Text Steganography: Sams Big G Play MakerSteganalysisSteganalysis Methods/Attacks on SteganographySteganography Detection Tool: StegdetectSteganography Detection ToolsCEH System Hacking Steps: Covering TracksWhy Cover Tracks?Covering TracksWays to Clear Online TracksDisabling Auditing: AuditpolCovering Tracks Tool: Window WasherCovering Tracks Tool: Tracks Eraser ProTrack Covering ToolsCEH System Hacking Steps: Penetration TestingPassword Cracking (Cont.)Privilege Escalation (Cont.)Executing Applications (Cont.)Hiding FilesCovering Tracks (Cont.)QuotesModule 05 ReviewModule 06 - Trojans and BackdoorsModule Flow: Trojan ConceptsSecurity NewsWhat is a Trojan?Overt and Covert ChannelsPurpose of TrojansWhat Do Trojan Creators Look For?Indications of a Trojan AttackCommon Ports used by TrojansModule Flow: Trojan InfectionHow to Infect Systems Using a Trojan?WrappersWrapper Covert ProgramsDifferent Ways a Trojan can Get into a SystemHow to Deploy a Trojan?Evading Anti-Virus TechniquesModule Flow: Types of TrojansTypes of TrojansCommand Shell TrojansCommand Shell Trojan: NetcatDemo - NetcatGUI Trojan: MoSuckerGUI Trojan: Jumper and BiodoxDocument TrojansE-mail TrojansE-mail Trojans: RemoteByMailDefacement TrojansDefacement Trojans: RestoratorBotnet TrojansBotnet Trojan: Illusion BotBotnet Trojan: NetBot AttackerProxy Server Trojans1h 16m

Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)FTP TrojansFTP Trojan: TinyFTPDVNC TrojansHTTP/HTTPS TrojansHTTP Trojan: HTTP RATShttpd Trojan - HTTPS (SSL)ICMP TunnelingICMP Trojan: icmpsendRemote Access TrojansDemo - BeastRemote Access Trojan: RAT DarkCometRemote Access Trojan: ApocalypseCovert Channel Trojan: CCTTE-banking TrojansBanking Trojan AnalysisE-banking Trojan: ZeuSDestructive TrojansNotification TrojansCredit Card TrojansData Hiding Trojans (Encrypted Trojans)BlackBerry Trojan: PhoneSnoopMAC OS X Trojan: DNSChangerMac OS X Trojan: Hell RaiserModule Flow: Trojan DetectionHow to Detect Trojans?Scanning for Suspicious PortsPort Monitoring Tool: IceSwordPort Monitoring Tools: CurrPorts and TCPViewScanning for Suspicious ProcessesProcess Monitoring Tool: What's RunningProcess Monitoring ToolsScanning for Suspicious Registry EntriesRegistry Entry Monitoring ToolsScanning for Suspicious Device DriversDevice Drivers Monitoring Tools: DriverViewDevice Drivers Monitoring ToolsScanning for Suspicious Windows ServicesWindows Services Monitoring Tools: Windows Service Manager (SrvMan)Windows Services Monitoring ToolsScanning for Suspicious Startup ProgramsWindows7 Startup Registry EntriesStartup Programs Monitoring Tools: StarterStartup Programs Monitoring Tools: Security AutoRunStartup Programs Monitoring ToolsDemo - What's Running?Scanning for Suspicious Files and FoldersFiles and Folder Integrity Checker: FastSum and WinMD5Files and Folder Integrity CheckerScanning for Suspicious Network ActivitiesDetecting Trojans and Worms with Capsa Network AnalyzerModule Flow: CountermeasuresTrojan CountermeasuresBackdoor CountermeasuresTrojan Horse Construction KitModule Flow: Anti-Trojan Software

Anti-Trojan Software: TrojanHunterAnti-Trojan Software: Emsisoft Anti-MalwareAnti-Trojan SoftwaresModule Flow: Penetration TestingPen Testing for Trojans and BackdoorsQuotesModule 06 ReviewModule 07 - Viruses and WormsModule Flow: Virus and Worms ConceptsSecurity NewsIntroduction to VirusesVirus and Worm Statistics 2010Stages of Virus LifeWorking of Viruses: Infection PhaseWorking of Viruses: Attack PhaseWhy Do People Create Computer Viruses?Indications of Virus AttackHow does a Computer get Infected by Viruses?Virus HoaxesVirus Analysis: W32/Sality.AAVirus Analysis: W32/Toal-AVirus Analysis: W32/VirutVirus Analysis: KlezModule Flow: Types of VirusesTypes of VirusesSystem or Boot Sector VirusesFile and Multipartite VirusesMacro VirusesCluster VirusesStealth/Tunneling VirusesEncryption VirusesPolymorphic CodeMetamorphic VirusesFile Overwriting or Cavity VirusesSparse Infector VirusesCompanion/Camouflage VirusesShell VirusesFile Extension VirusesAdd-on and Intrusive VirusesTransient and Terminate and Stay Resident VirusesWriting a Simple Virus ProgramTerabit Virus MakerJPS Virus MakerDemo - JPS Virus Maker ToolDELmE's Batch Virus MakerModule Flow: Computer WormsComputer WormsHow is a Worm Different from a Virus?Example of Worm Infection: Conficker WormWhat does the Conficker Worm do?How does the Conficker Worm Work?Worm Analysis: W32/NetskyWorm Analysis: W32/Bagle.GEWorm Maker: Internet Worm Maker ThingModule Flow: Malware Analysis40m

What is Sheep Dip Computer?Anti-Virus Sensors SystemsMalware Analysis Procedure: Preparing TestbedMalware Analysis ProcedureString Extracting Tool: BintextCompression and Decompression Tool: UPXProcess Monitoring Tools: Process MonitorLog Packet Content Monitoring Tools: NetResidentDebugging Tool: OllydbgVirus Analysis Tool: IDA ProOnline Malware Testing: Sunbelt CWSandboxOnline Malware Testing: VirusTotalOnline Malware Analysis ServicesModule Flow: CountermeasuresVirus Detection MethodsVirus and Worms CountermeasuresCompanion Antivirus: Immunet ProtectAnti-virus ToolsModule Flow: Penetration TestingPenetration Testing for VirusQuotesModule 07 ReviewModule 08 - SniffersModule Flow: Sniffing ConceptsSecurity NewsLawful InterceptBenefits of Lawful InterceptNetwork Components Used for Lawful InterceptWiretappingSniffing ThreatsHow a Sniffer Works?Hacker Attacking a SwitchTypes of Sniffing: Passive SniffingTypes of Sniffing: Active SniffingProtocols Vulnerable to SniffingTie to Data Link Layer in OSI ModelHardware Protocol AnalyzersSPAN PortModule Flow: MAC AttacksMAC FloodingMAC Address/CAM TableHow CAM Works?What Happens When CAM Table is Full?Mac Flooding Switches with macofMAC Flooding Tool: YersiniaHow to Defend against MAC Attacks?Module Flow: DHCP AttacksHow DHCP Works?DHCP Request/Reply MessagesIPv4 DHCP Packet FormatDHCP Starvation AttackRogue DHCP Server AttackDHCP Starvation Attack Tool: GobblerHow to Defend Against DHCP Starvation and Rogue Server Attack?Module Flow: ARP Poisoning Attacks1h 32m

What is Address Resolution Protocol (ARP)?ARP Spoofing AttackHow Does ARP Spoofing Work?Threats of ARP PoisoningARP Poisoning Tool: Cain and AbelDemo - Active Sniffing with CainDemo - Actively Sniffing a Switched Network with CainARP Poisoning Tool: WinArpAttackerARP Poisoning Tool: Ufasoft SnifHow to Defend Against ARP Poisoning?Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco SwitchesModule Flow: Spoofing AttackMAC Spoofing/DuplicatingSpoofing Attack ThreatsMAC Spoofing Tool: SMACDemo - Spoofing the MAC AddressHow to Defend Against MAC Spoofing?Module Flow: DNS PoisoningDNS Poisoning TechniquesIntranet DNS SpoofingProxy Server DNS PoisoningDNS Cache PoisoningHow to Defend Against DNS Spoofing?Module Flow: Sniffing ToolsSniffing Tool: WiresharkDemo - Packet Capturing with WiresharkFollow TCP Stream in WiresharkDisplay Filters in WiresharkAdditional Wireshark FiltersSniffing Tool: CACE PilotSniffing Tool: Tcpdump/WindumpDiscovery Tool: NetworkViewDiscovery Tool: The Dude SnifferPassword Sniffing Tool: AcePacket Sniffing Tool: Capsa Network AnalyzerOmniPeek Network AnalyzerNetwork Packet Analyzer: ObserverSession Capture Sniffer: NetWitnessEmail Message Sniffer: Big-MotherTCP/IP Packet Crafter: Packet BuilderAdditional Sniffing ToolsHow an Attacker Hacks the Network Using Sniffers?Module Flow: CountermeasuresHow to Defend Against Sniffing?Sniffing Prevention TechniquesHow to Detect Sniffing?Promiscuous Detection Tool: PromqryUIPromiscuous Detection Tool: PromiScanQuotesModule 08 ReviewModule 09 - Social EngineeringModule Flow: Social Engineering ConceptsSecurity NewsWhat is Social Engineering?48m

Behaviors Vulnerable to AttacksFactors that Make Companies Vulnerable to AttacksWhy is Social Engineering Effective?Warning Signs of an AttackPhases in a Social Engineering AttackImpact on the OrganizationCommand Injection Attacks"Rebecca" and "Jessica"Common Targets of Social EngineeringCommon Targets of Social Engineering: Office WorkersModule Flow: Social Engineering TechniquesTypes of Social EngineeringHuman-Based Social EngineeringTechnical Support ExampleAuthority Support ExampleHuman-Based Social Engineering (Cont.)Human-Based Social Engineering: Dumpster DivingHuman-Based Social Engineering (Cont.)Watch these MoviesWatch this MovieComputer-Based Social EngineeringComputer-Based Social Engineering: Pop-UpsComputer-Based Social Engineering: PhishingSocial Engineering Using SMSSocial Engineering by a "Fake SMS Spying Tool"Insider AttackDisgruntled EmployeePreventing Insider ThreatsCommon Intrusion Tactics and Strategies for PreventionModule Flow: Impersonation on Social Networking SitesSocial Engineering Through Impersonation on Social Networking SitesSocial Engineering Example: LinkedIn ProfileSocial Engineering on FacebookSocial Engineering on TwitterSocial Engineering on OrkutSocial Engineering on MySpaceRisks of Social Networking to Corporate NetworksModule Flow: Identity TheftIdentity Theft Statistics 2010Identity TheftHow to Steal an Identity?Step 1Step 2ComparisonStep 3Real Steven Gets Huge Credit Card StatementIdentity Theft - Serious ProblemModule Flow: Social Engineering CountermeasuresSocial Engineering Countermeasures: PoliciesSocial Engineering CountermeasuresHow to Detect Phishing Emails?Anti-Phishing Toolbar: NetcraftDemo - Netcraft Anti-Phishing ToolbarAnti-Phishing Toolbar: PhishTankIdentity Theft CountermeasuresModule Flow: Penetration Testing

Social Engineering Pen TestingSocial Engineering Pen Testing: Using EmailsSocial Engineering Pen Testing: Using PhoneSocial Engineering Pen Testing: In PersonQuotesModule 09 ReviewModule 10 - Denial of ServiceModule Flow: DoS/DDoS ConceptsSecurity NewsWhat is a Denial of Service Attack?What are Distributed Denial of Service Attacks?How Distributed Denial of Service Attacks Work?Symptoms of a DoS AttackCyber CriminalsOrganized Cyber Crime: Organizational ChartInternet Chat Query (ICQ)Internet Relay Chat (IRC)Module Flow: DoS/DDoS Attack TechniquesDoS Attack TechniquesBandwidth AttacksService Request FloodsSYN AttackDemo - SynFlooding with hping2SYN FloodingICMP Flood AttackPeer-to-Peer AttacksPermanent Denial-of-Service AttackApplication Level Flood AttacksModule Flow: BotnetsBotnetBotnet Propagation TechniqueBotnet EcosystemBotnet Trojan: SharkPoison Ivy: Botnet Command Control CenterBotnet Trojan: PlugBotModule Flow: DDoS Case StudyWikileaksDDoS AttackDDoS Attack Tool: LOICDenial of Service Attack Against MasterCard, Visa, and Swiss BanksHackers Advertise Links to Download BotnetModule Flow: DoS/DDoS Attack ToolsDoS Attack ToolsModule Flow: CountermeasuresDetection TechniquesActivity ProfilingWavelet AnalysisSequential Change-Point DetectionDoS/DDoS Countermeasure StrategiesDDoS Attack CountermeasuresDoS/DDoS Countermeasures: Project Secondary VictimsDoS/DDoS Countermeasures: Detect and Neutralize HandlersDoS/DDoS Countermeasures: Detect Potential AttacksDoS/DDoS Countermeasures: Deflect AttacksDoS/DDoS Countermeasures: Mitigate Attacks30m

Post-Attack ForensicsTechniques to Defend against BotnetsDoS/DDoS CountermeasuresDoS/DDoS Protection at ISP LevelEnabling TCP Intercept on Cisco IOS SoftwareAdvanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)Module Flow: DoS/DDoS Protection ToolsDoS/DDoS Protection Tool: NetFlow AnalyzerDoS/DDoS Protection ToolsModule Flow: DoS/DDoS Penetration TestingDenial of Service (DoS) Attack Penetration TestingDenial of Service (DoS) Attack Pen TestingQuotesModule 10 ReviewModule 11 - Session HijackingModule Flow: Session Hijacking ConceptsSecurity NewsWhat is Session Hijacking?Dangers Posed by HijackingWhy Session Hijacking is Successful?Key Session Hijacking TechniquesBrute ForcingBrute Forcing AttackHTTP Referrer AttackSpoofing vs. HijackingSession Hijacking ProcessPacket Analysis of a Local Session HijackTypes of Session HijackingSession Hijacking in OSI ModelModule Flow: Application Level Session HijackingApplication Level Session HijackingSession SniffingPredictable Session TokenHow to Predict a Session Token?Man-in-the-Middle AttackMan-in-the-Browser AttackSteps to Perform Man-in-the-Browser AttackClient-side AttacksCross-site Script AttackSession FixationSession Fixation AttackModule Flow: Network Level Session HijackingNetwork Level Session HijackingThe 3-Way HandshakeSequence NumbersSequence Number PredictionTCP/IP HijackingIP Spoofing: Source Routed PacketsRST HijackingBlind HijackingMan-in-the-Middle Attack using Packet SnifferUDP HijackingModule Flow: Session Hijacking ToolsSession Hijacking Tool: ParosSession Hijacking Tool: Burp Suite32m

Demo - Session Hijacking with BurpSession Hijacking Tool: FiresheepSession Hijacking ToolsModule Flow: CountermeasuresCountermeasuresProtecting against Session HijackingMethods to Prevent Session Hijacking: To be Followed by Web DevelopersMethods to Prevent Session Hijacking: To be Followed by Web UsersDefending against Session Hijack AttacksSession Hijacking RemediationIPSecModes of IPSecIPSec ArchitectureIPSec Authentication and ConfidentialityComponents of IPSecIPSec ImplementationModule Flow: Penetration TestingSession Hijacking Pen TestingQuotesModule 11 ReviewModule 12 - Hacking WebserversModule Flow: Webserver ConceptsSecurity NewsWebserver Market SharesOpen Source Webserver ArchitectureIIS Webserver ArchitectureWebsite DefacementCase StudyWhy Web Servers are Compromised?Impact of Webserver AttacksModule Flow: Webserver ThreatsWebserver MisconfigurationExampleDirectory Traversal AttacksDemo - Performing a Directory Traversal AttackHTTP Response Splitting AttackWeb Cache Poisoning AttackHTTP Response HijackingSSH Bruteforce AttackMan-in-the-Middle AttackWebserver Password CrackingWebserver Password Cracking TechniquesWeb Application AttacksModule Flow: Attack MethodologyWebserver Attack MethodologyWebserver Attack Methodology: Information GatheringDemo - Fingerprinting Webserver with HTTPReconWebserver Attack Methodology: Webserver FootprintingWebserver Footprinting ToolsWebserver Attack Methodology: Mirroring a WebsiteWebserver Attack Methodology: Vulnerability ScanningWebserver Attack Methodology: Session HijackingWebserver Attack Methodology: Hacking Web PasswordsModule Flow: Webserver Attack ToolsWebserver Attack Tools: Metasploit1h 5m

Metasploit ArchitectureMetasploit Exploit ModuleMetasploit Payload ModuleMetasploit Auxiliary ModuleMetasploit NOPS ModuleWebserver Attack Tools: WfetchWeb Password Cracking Tool: BrutusWeb Password Cracking Tool: THC-HydraModule Flow: CountermeasuresCountermeasures: Patches and UpdatesCountermeasures: ProtocolsDemo - Web-based Password Cracking with BrutusCountermeasures: AccountsCountermeasures: Files and DirectoriesHow to Defend Against Web Server Attacks?How to Defend against HTTP Response Splitting and Web Cache PoisoningModule Flow: Patch ManagementPatches and HotfixesWhat is Patch Management?Identifying Appropriate Sources for Updates and PatchesInstallation of a PatchImplementation and Verification of a Security Patch or UpgradePatch Management Tool: Microsoft Baseline Security Analyzer (MBSA)Patch Management ToolsModule Flow: Webserver Security ToolsWeb Application Security Scanner: SandcatWeb Server Security Scanner: WiktoWebserver Malware Infection Monitoring Tool: HackAlertWebserver Security ToolsModule Flow: Webserver Pen TestingWebserver Pen TestingWeb Server Penetration TestingQuotesModule 12 ReviewModule 13 - Hacking Web ApplicationsModule Flow: Web App ConceptsSecurity NewsWeb Application Security StatisticsIntroduction to Web ApplicationsWeb Application ComponentsHow Web Applications Work?Web Application ArchitectureWeb 2.0 ApplicationsVulnerability StackWeb Attack VectorsModule Flow: Web App ThreatsWeb Application Threats - 1Web Application Threats - 2Unvalidated InputParameter/Form TamperingDirectory TraversalSecurity MisconfigurationInjection FlawsSQL Injection AttacksCommand Injection Attacks1h 50m

Demo - Web Vulnerability Scanning with AcunetixCommand Injection ExampleFile Injection AttackWhat is LDAP Injection?How LDAP Injection Works?Hidden Field Manipulation AttackCross-Site Scripting (XSS) AttacksHow XSS Attacks Work?Cross-Site Scripting Attack Scenario: Attack via EmailXSS Example: Attack via EmailXSS Example: Stealing Users' CookiesXSS Example: Sending as Unauthorized RequestXSS Attack in Blog PostingXSS Attack in Comment FieldXSS Cheat SheetCross-Site Request Forgery (CSRF) AttackHow CSRF Attacks Work?Web Application Denial-of-Service (DoS) AttackDenial of Service (DoS) ExamplesBuffer Overflow AttacksCookie/Session PoisoningHow Cookie Poisoning Works?Session Fixation AttackInsufficient Transport Layer ProtectionImproper Error HandlingInsecure Cryptographic StorageBroken Authentication and Session ManagementUnvalidated Redirects and ForwardsWeb Services ArchitectureWeb Services AttackWeb Services Footprinting AttackWeb Services XML PoisoningModule Flow: Hacking MethodologyWeb App Hacking Methodology: Footprint Web InfrastructureFootprint Web InfrastructureFootprint Web Infrastructure: Server DiscoveryFootprint Web Infrastructure: Service DiscoveryFootprint Web Infrastructure: Server Identification/Banner GrabbingFootprint Web Infrastructure: Hidden Content DiscoveryWeb Spidering Using Burp SuiteWeb App Hacking Methodology: Attack Web ServersHacking Web ServersWeb Server Hacking Tool: WebInspectWeb App Hacking Methodology: Analyze Web ApplicationsAnalyze Web ApplicationsAnalyze Web Applications: Identify Entry Points for User InputAnalyze Web Applications: Identify Server-Side TechnologiesAnalyze Web Applications: Identify Server-Side FunctionalityAnalyze Web Applications: Map the Attack SurfaceWeb App H

Keylogger for Mac: Aobo Mac OS X KeyLogger Keylogger for Mac: Perfect Keylogger for Mac . Spector Pro Screen Capturing Spyware (Cont.) . Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder Video Spyware Video Spyware: Net Video Spy Video Spyware (Cont.) Print Spyware

Related Documents:

Manage ITSM tool contract, providing customer access to SSC’s enterprise ITSM tool license and access to the ITSM tool contract for professional services . 6 6 Understanding Customer Impacts to Help Manage the Change For its own ITSM implementation, SSC conducted a Customer Impact Ass

Contain all hacking tools from the CEH v6 Lab Files DVD-ROMs resident on the hard drive in CEH tools folder at the Desktop (The lab files DVD-ROMs are available from CEH v6 courseware kit) Contain all Windows 2003 source files in c:\i386 Have PowerPoint, Word and Ex

SERVICENOW -THE BEST THING THAT CAN HAPPEN TO YOUR ITSM 6 WHITEPAPER Add-on features in ServiceNow ITSM 1. How CMDB goes together with ITSM - Configuration management Database is a repository of information involvin

BMC Helix ITSM provides an introduction to ITSM application administration and introduces the architecture and common configuration elements of the BMC Helix ITSM applications. BMC Product Name: UserBMC Helix ITSM 20.x: User Certification ASP Web-based Training Instructor-led Training Note: F

NAI BSM & ITSM Capabilities Overview Full Complement of ITIL Online Courses 1. ITIL/ITSM Awareness Training -Course Duration 2 hrs This Introduction training is perfectly suited for Managers, non core IT people who do need an overview of ITIL and ITSM 5. EXIN / ISEB Exam Preparation Guide -2.5 hrs

to the CEH pump's exceptional performance is an integrated first-stage centrifugal pump impeller that makes low-NPSHR operation possible. This combination side channel-centrifugal pump design enables SIHI CEH pumps to move gas-entrained fluids at net positive suction heads less than 0.5 m (1.64 ft).

EC-Council Certified Ethical Hacker (CEH 312-50) Background - 21.79% Network and Communication Technologies - Networking technologies (e.g., hardware, infrastructure). - Web technologies (e.g., web 2.0, skype). Systems technologie

CEH v11 Training is the second course in the new Vulnerability Assessment and Penetration Testing (VAPT) Track developed by EC-Council. In the latest version, EC-Council has added . COURSE OUTLINE. Module 07: Malware Threats Malware threat terminologies, viruses, worms, trojans, their analysis, and