Certified Ethical Hacker – Outline
Module 1: Ethics and Legality
§ Why Security? § The Security, functionality and ease of use Triangle § Can Hacking be Ethical? § Essential Terminology. § Elements of Security. § Legal Perspective (US Federal Laws).
|
||
Module 2: Foot printing
§ Defining Footprinting. § Information Gathering Methodology. § Locate the Network Range. § Hacking Tools: § Whois § Nslookup § ARIN § Traceroute § NeoTrace § VisualRoute Trace § SmartWhois
|
||
|
||
Module 4: Enumeration
§ What is Enumeration? § NetBios Null Sessions § Hacking Tools § DumpSec § Winfo § NetBIOS Auditing Tool (NAT) § Null Session Countermeasures § NetBIOS Enumeration § Hacking Tool :NBTScan § Simple Network Management Protocol (SNMP) Enumeration § Hacking Tools § Solarwinds § Enum § SNScan § SNMP Enumeration Countermeasures § Management Information Base (MIB) § Windows 2000 DNS Zone Transfer § Blocking Win 2k DNS Zone Transfer § Enumerating User Accounts § Hacking Tools § User2sid and Sid2user § UserInfo § GetAcct § DumpReg § Trout § Winfingerprint § PsTools (PSFile,PSLoggedOn,PSGetSid,PSInfo,PSService,PSList,PSKill, § PSSuspend, PSLogList, PSExec, PSShutdown) § Active Directory Enumeration and Countermeasures
|
||
Module 5: System Hacking
|
||
Module 6: Trojans and Backdoors
|
||
Module 7: Sniffers
|
||
Module 8: Denial of Service
|
||
Module 9: Social Engineering
§ What is Social Engineering? § Art of Manipulation § Human Weakness § Common Types of Social Engineering § Human Based Impersonation § Example of social engineering § Computer Based Social Engineering § Reverse Social Engineering § Policies and procedures § Security Policies-checklist
|
||
Module10: Session Hijacking
§ Understanding Session Hijacking § Spoofing vs Hijacking § Steps in Session Hijacking § Types of Session Hijacking § TCP Concepts 3 Way Handshake § Sequence numbers § Hacking Tools § Juggernaut § T-Sight § TTY Watcher § IP Watcher § Hunt § Paros v3.1.1 § TTY-Watcher § IP Watcher § T-sight § Remote TCP Session Reset Utility § Dangers Posed by Session Hijacking § Protection against Session Hijacking § Countermeasures: IP Security
|
||
Module 11: Hacking Web Servers
|
||
Module 12: Web Application Vulnerabilities
|
||
Module 13: Web Based Password Cracking Techniques
§ Authentication- Definition § Authentication Mechanisms § HTTP Authentication § Basic Authentication § Digest Authentication § Integrated Windows (NTLM) Authentication § Negotiate Authentication § Certificate-based Authentication § Forms-based Authentication § Microsoft Passport Authentication § What is a Password Cracker? § Modus Operandi of an Attacker using Password Cracker § How does a Password Cracker work? § Attacks- Classification § Password Guessing § Query String § Cookies § Dictionary Maker § Password Crackers Available § LOphtcrack § John The Ripper § Brutus § Obiwan § Authforce § Hydra § Cain and Abel § RAR § Gammaprog § Hacking Tools: § WebCracker § Munga Bunga § PassList § Read Cookies § SnadBoy § WinSSLMiM § “Mary had a Little Lamb” Formula § Countermeasures
|
||
Module 14: SQL Injection § Attacking SQL Servers § SQL Server Resolution Service (SSRS) § Osql-L Probing § Port Scanning § Sniffing, Brute Forcing and finding Application Configuration Files § Tools for SQL Server Penetration Testing § SQLDict § SqlExec § SQLbf § SQLSmack § SQL2.exe § AppDetective § Database Scanner § SQLPoke § NGSSQLCrack § NGSSQuirreL § SQLPing v2.2 § OLE DB Errors § Input Validation Attack § Login Guessing & Insertion § Shutting Down SQL Server § Extended Stored Procedures § SQL Server Talks § Preventive Measures
|
||
Module 15: Hacking Wireless Networks
|
||
Module 16 : Virus and Worms
|
||
Module 17: Physical Security
§ Security statistics § Physical Security breach incidents § Understanding Physical Security § What is the need of Physical Security? § Who is Accountable for Physical Security? § Factors affecting Physical Security § Physical Security checklist § Company surroundings § Premises § Reception § Server § Workstation Area § Wireless Access Points § Other Equipments such as fax, removable media etc § Access Control § Computer Equipment Maintenance § Wiretapping § Remote access § Lock Picking Techniques § Spying Technologies
|
||
Module 18: Linux Hacking
|
||
Module 19: Evading Firewalls, IDS and Honeypots
|
||
Module 20 : Buffer Overflows
|
||
Module 21 : Cryptography
|
||
Module 22 : Penetration Testing
|
As a practicing author, I have always adopted an instinctive logic it felt natural to focus on the subject -> come
up with ideas/answers -put it on paper. Yet, nothing could save me was writing
concerning thermodynamics, by way of example, which, as you can guess, is not
my primary field of experience. Anyhow, I took some Terrific tips from your writing
style, thanks for that:slightly_smiling_face: