Table of Contents
1) Ethical Hacking and Penetration Testing
1.1 Security 101
1.2 Hacking hall of fame
1.3 Risk management
1.4 What is ethical hacking?
1.5 Types of security tests
1.6 Red teams
1.7 Testing methodology
1.8 VMware Workstation
1.9 Linux is a must
2) Footprinting and Reconnaissance
2.1 Desired information
2.2 Countermeasures to information leakage
2.3 Social engineering
2.4 DNS zone transfer
2.5 Tracing out a network path
2.6 War dialing for hanging modems
2.7 Case study: www.guidedogs.com
2.8 Footprinting countermeasures
2.9 Review
3) TCP/IP Basics and Scanning
3.1 The OSI model
3.2 TCP/IP protocol suite layers
3.3 Ping sweeps
3.4 Port scanning
3.5 Review
4) Enumeration and Verification
4.1 Operating system identification
4.2 SNMP overview
4.3 NetBIOS/CIFS/SMB
4.4 SIDs
4.5 LDAP and Active Directory
4.6 GUI tools to perform the same actions
4.7 Review
5) Hacking and Defending Wireless Devices and Modems
5.1 Phones and modems
5.2 Wireless networks
5.3 Review
6) Hacking and Defending Web Servers
6.1 HTTP
6.2 Apache Web server functionality
6.3 Microsoft Internet Information Server (IIS)
6.4 Web server vulnerability scanners
6.5 Review
7) Hacking and Defending Web Applications
7.1 Background on web threats
7.2 Functional survey of applications
7.3 Attacking authentication
7.4 Attacking authorization
7.5 Input validation attacks
7.6 Attacking session state
7.7 Attacking web clients
7.8 Preventing input validation attacks
7.9 Secure cookies
7.10 Strong authentication
7.11 Session state management
7.12 XSS countermeasures
7.13 HTTP code auditing
7.14 Review
8) Sniffers and Session Hijacking
8.1 Sniffers
8.2 ARP poisoning
8.3 MAC flooding
8.4 DNS spoofing
8.5 IP spoofing
8.6 Session hijacking
8.7 Review
9) Hacking and Defending Windows Systems
9.1 Physical attacks
9.2 LANMAN hashing and weaknesses
9.3 Windows NT hashing and weaknesses
9.4 Looking for users and passwords
9.5 Operating system attacks
9.6 Hiding tracks
9.7 Securing services by patching
9.8 Removing unused services
9.9 Removing or masking banners
9.10 Securing services: NetBIOS
9.11 Strong three-factor authentication
9.12 Creating strong passwords
9.13 File permissions
9.14 Review
10) Hacking and Defending Unix Systems
10.1 Physical attacks on Linux
10.2 Password cracking
10.4 Stack operation
10.5 Race condition errors
10.6 Format string errors
10.7 File system attacks
10.8 Hiding tracks
10.9 Hardening Unix/Linux systems
10.10 Using SSH and VPNs to prevent sniffing
10.11 Review
11) Rootkits, Backdoors, Trojans, and Tunnels
11.1 Types of rootkits
11.2 Netcat
11.3 Trojans
11.4 Tunnels
11.5 Manually deleting logs
11.6 Review
12) Denial of Service and Botnets
12.1 DoS Attacks
12.2 Botnets
13) Automated Pen Testing Tools
13.1 Introduction
13.2 Core Impact™
13.3 Canvas™ framework
13.4 Metasploit framework
13.5 Review
14) Intrusion Detection Systems
14.1 What is an IDS?
14.2 Types of IDS
14.3 Anomaly detection
14.4 Signature detection
14.5 Common IDS software products
14.6 Introduction to Snort
14.7 Attacking an IDS
14.9 Review
15) Firewalls
15.1 Firewall types
15.2 Host-based firewall
15.3 Network-based firewall
15.4 DMZ (Demilitarized Zone)
15.5 Why do I need a firewall?
15.6 Firewall vulnerabilities
15.7 iptables/Netfilter
15.8 Persistent firewalls
15.9 Firewall identification
15.10 Hacking tools
15.11 Review
16) Honeypots and Honeynets
16.1 What is a Honeypot?
16.2 Types of Honeypots
16.3 Categories of Honeypots
16.4 Tarpits
16.5 Low-interaction Honeypot: KFSensor
16.6 Low-interaction Honeypot: Honeyd
16.7 High-interaction Honeypot
16.8 Honeynets
16.9 Legal issues
16.10 Review