Monday 4 March 2013

00:46

What’s included?
Physical Courseware
1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Related Certificates:
Ethical Hacking & Countermeasure Specialist: Attack Phases
Ethical Hacking and Countermeasures: Threats and Defense Mechanisms
Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems
Ethical Hacking and Countermeasures: Secure Network Infrastructures

Course Briefing
1. Session Hijacking
Chapter Brief:
Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID which he uses to get into the system and extract the data. Session hijacking includes attacks such as “TCP session hijacking”, “Blind hijacking”, and “Man-in-the-Middle (MITM) attacks”.

This module explains the hijacking of a valid computer session. It covers the session hijacking process, the techniques used in hijacking, and the steps to perform session hijacking. It explains the two levels at which session hijacking is performed: network-level hijacking and application-level hijacking. It also covers the different tools used to perform session hijacking.

    
2. Hacking Web Servers
Chapter Brief:
Often a breach in security causes more damage in terms of goodwill than in actual quantifiable loss. This makes web server security critical to the normal functioning of an organization. There are inherent security risks associated with web servers, the local area networks that host web sites, and the users who access these web sites using browsers. Compromised web servers can expose the Local Area Network (LAN) or the corporate network to Internet threats.

This module deals with the hacking of web servers. It explains web server defacement, Apache web server security, attacks against IIS, and web server vulnerabilities. It also discusses patch management and vulnerability scanners.


3. Web Application Vulnerabilities
Chapter Brief:
A web application comprises many layers of functionality. However, it is generally considered a three-layered architecture consisting of presentation, logic, and data layers. A web application is composed of several components, such as the web server, the application content that resides on the web server, and typically a back-end data store that the application accesses and interfaces with.
Vulnerabilities in web applications, including cross-site flaws, buffer overflows, and injection flaws, may be used to launch several attacks on the web applications.

This module explains the vulnerabilities that are possible in web applications. It covers the objectives of web application hacking, the anatomy of an attack, and countermeasures. It also covers the tools used for hacking web applications.


4. Web-Based Password-Cracking Techniques
Chapter Brief:
Authentication is any process by which one verifies that someone actually is who he/she claims to be. Typically, this involves a user name and a password. A password cracker is an application that recovers stolen or forgotten passwords for a network resource or a desktop computer. It can also be used to help a human cracker obtain unauthorized access to resources.

This module explains web-based password-cracking techniques. It covers authentication mechanisms, HTTP authentication, Integrated Windows (NTLM) authentication, certificate-based authentication, forms-based authentication, the RSA SecurID token, biometrics authentication, and the types of biometrics authentication. The module also outlines how passwords are cracked and lists the tools for password cracking.


5. Hacking Web Browsers
Chapter Brief:
Today, web browsers such as Internet Explorer, Mozilla Firefox, and Apple Safari (to name a few), are installed on almost all computers. As web browsers are used frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can quickly lead to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.
This module familiarizes you with the hacking of different web browsers and explains how web browsers work and access HTML documents. It explains the hacking of Firefox through spoofing, information leak, and password vulnerabilities, as well as the security tools and Firefox security features that protect Firefox from being hacked.

Redirection information disclosure and window injection vulnerabilities are covered as the means of hacking Internet Explorer, along with the browser settings and Internet Explorer security features used to secure it. The vulnerabilities present in Opera, Safari, and Netscape are described. This module also lists the security features and browser settings of Opera, Safari, and Netscape.


6. SQL Injection
Chapter Brief:
SQL commands such as INSERT, RETRIEVE, UPDATE, and DELETE are used to perform operations on the database. Programmers use these commands to manipulate the data in the database server.
SQL injection is defined as a technique that takes advantage of non-validated input vulnerabilities to inject SQL commands through a web application, which are then executed in a back-end database.

The module deals with exploiting a web application by injecting SQL code. It explains SQL injection techniques and attacks on web applications. It also covers SQL injection in different databases, SQL injection tools, blind SQL injection, SQL injection defense and detection tools, and SQL injection countermeasures.


7. Hacking Database Servers
Chapter Brief:
Database servers house critical information that includes corporate, customer, and financial data. This information could be used by attackers to tarnish the reputation of the organization or for monetary reasons. Hacking the databases could run an organization out of business or cost it millions of dollars.
This module depicts how databases are vulnerable to attacks. Attackers use a TCP port scan to find an Oracle database server on the network. Once the Oracle database server has been traced, the first port of call is the TNS Listener. Using PL/SQL injection, attackers can potentially elevate their level of privilege from a low-level PUBLIC account to an account with DBA-level privileges.
The module also deals with the security issues and types of database attacks, and describes the hacking tricks that an attacker uses to exploit SQL Server systems.

Course Outline

Chapter 1: Session Hijacking
  • Case Example
  • Introduction to Session Hijacking
  • What is Session Hijacking
  • Understanding Session Hijacking
  • Spoofing vs. Hijacking
  • Packet Analysis of a Local Session Hijack
  • Steps in Session Hijacking
  • Session Hijacking Process
  • Session Hijack Attack Scenario
  • Types of Session Hijacking
  • Session Hijacking Levels
  • Spoofing Versus Hijacking
  • Network Level Hijacking
o    The Three-Way Handshake
o    TCP Concepts 3-Way Handshake
o    Sequence Numbers
o    Sequence Number Prediction
o    TCP/IP Hijacking
o    IP Spoofing: Source Routed Packets
o    RST Hijacking
o    RST Hijacking Tool: hijack_rst.sh
o    # ./hijack_rst.sh
o    Blind Hijacking
o    Man-in-the-Middle Attack using Packet Sniffer
o    UDP Hijacking
  • Application Level Hijacking
  • Session Hijacking Tools
o    IP Watcher
o    Remote TCP Session Reset Utility
o    Paros HTTP Session Hijacking Tool
o    Dnshijacker Tool
o    Hjksuite Tool
  • Countermeasures
o    Protecting against Session Hijacking
o    Methods to Prevent Session Hijacking (To be Followed by Web Developers)
o    Methods to Prevent Session Hijacking (To be Followed by Web Users)
o    Defending against Session Hijack Attacks
o    Session Hijacking Remediation
o    IPSec
·         Modes of IPSec
·         IPSec Architecture
·         Components of IPSec
·         IPSec Authentication and Confidentiality
·         IPSec Protocol:
§  AH
§  ESP
·         IPSec Implementation

Chapter 2: Hacking Web Servers
  • Case Example
  • Introduction to Hacking Web Servers
  • Sources of Security Vulnerabilities in Web Servers
  • Web Attack Impacts
  • Web Site Defacement
  • How are Web Servers Defaced
  • Attacks Against IIS
o    IIS 7 Components
  • Unicode
o    Unicode Directory Traversal Vulnerability
o    IIS Directory Traversal (Unicode) Attack
  • Hacking Tool: IISxploit.exe
  • Msw3prt IPP Vulnerability
  • RPC DCOM Vulnerability
  • ASP Trojan (cmd.asp)
  • IIS Logs
  • Tools
o    Network Tool: Log Analyzer
o    Hacking Tool: CleanIISLog
o    IIS Security Tool: Server Mask
o    ServerMask ip100
o    CacheRight
o    HttpZip
o    LinkDeny
o    ServerDefender AI
o    ZipEnable
o    W3compiler
o    Yersinia
o    Metasploit Framework
o    KARMA
o    Karmetasploit
·         Prerequisites for Karmetasploit
·         Running Karmetasploit
o    Immunity CANVAS Professional
o    Core Impact
o    MPack
o    Neosploit
  • Patch Management
  • Vulnerability Scanners

Chapter 3: Web Application Vulnerabilities
§  Introduction to Web Application Vulnerabilities
§  Web Applications
§  Web Application Architecture Components
§  Web Application Vulnerability Characteristics
§  Top Web Application Vulnerabilities
§  Common Web-Based Applications Attacks
§  Unvalidated Input
§  Broken Access Control
o    Broken Account and Session Management
§  Web Application Hacking
§  Anatomy of an Attack
§  Web Application Threats
§  Cross-Site Scripting/XSS Flaws
o    An Example of XSS
o    Countermeasures
§  SQL Injection
§  Command Injection Flaws
o    Countermeasures
§  Cookie/Session Poisoning
o    Countermeasures
§  Parameter/Form Tampering
§  Hidden Field
§  Buffer Overflow
o    Countermeasures
§  Directory Traversal/Forceful Browsing
o    Countermeasures
§  Cryptographic Interception
§  Cookie Snooping
§  Authentication Hijacking
o    Countermeasures
§  Log Tampering
§  Error Message Interception
§  Attack Obfuscation
§  Platform Exploits
§  DMZ Protocol Attacks
§  DMZ
o    Countermeasures
§  Security Management Exploits
§  Web Services Attacks
§  Zero-Day Attacks
§  Network Access Attacks
§  TCP Fragmentation
§  DNS Poisoning
§  Web Application Hacking Tools
o    Wget
·         GUI for Wget
o    WebSleuth
o    BlackWidow
o    SiteScope
o    WSDigger: Web Services Testing Tool
o    CookieDigger
o    SSLDigger
o    WindowBomb
·         WindowBomb: Report
o    Burp:
·         Positioning Payloads
·         Configuring Payloads and Content Enumeration
·         Password Guessing
o    Burp Proxy:
·         Intercepting HTTP/S Traffic
·         Hex-editing of Intercepted Traffic
·         Browser Access to Request History
o    Burpsuite cURL

Chapter 4: Web-Based Password-Cracking Techniques
§  Introduction to Web-Based Password-Cracking Techniques
§  Authentication
o    Authentication – Definition
o    Authentication Mechanisms
·         HTTP Authentication
§  Basic Authentication
§  Digest Authentication
o    Integrated Windows (NTLM) Authentication
o    Negotiate Authentication
o    Certificate-based Authentication
o    Forms-Based Authentication
o    RSA SecurID Token
o    Biometrics Authentication
·         Types of Biometrics Authentication
§  Fingerprint-Based Identification
§  Hand Geometry-Based Identification
§  Retina Scanning
§  Afghan Woman Recognized After 17 Years
§  Face Recognition
§  Face Code: WebCam Based Biometrics Authentication System
§  Password Cracking
§  Password Cracking Tools
o    L0phtcrack (LC4)
o    John the Ripper
o    Brutus
o    Obiwan
o    Authforce
o    Hydra
o    Cain & Abel
o    RAR
o    Gammaprog
o    WebCracker
o    Munga Bunga
o    PassList
o    SnadBoy
o    MessenPass
o    Wireless WEP Key Password Spy
o    RockXP
o    Password Spectator Pro
o    WWWhack
o    SamInside
o    Lm2ntcrack
o    Windows Password Cracker
o    MDB Password Cracker
o    Password Recovery Bundle 2009
o    Advanced FTP Password Recovery
o    Kernel SQL Password Recovery
o    AirGrab Password PRO
o    Visual Zip Password Recovery Processor
o    Email Password Hacking Software
o    Passwordstate

Chapter 5: Hacking Web Browsers
  • Introduction
  • How Web Browsers Work
§  Hacking Firefox
o    Firefox Proof of Concept Information Leak Vulnerability
o    Firefox Spoofing Vulnerability
o    Password Vulnerability
o    Firefox Command Line URI Handling Vulnerability
o    Firefox Code Execution Vulnerability
o    Concerns With Saving Form or Login Data
o    Cleaning Up Browsing History
o    Cookies
o    Internet History Viewer: Cookie Viewer
·         Firefox Security
o    Blocking Cookies Options
o    Tools For Cleaning Unwanted Cookies
o    Tool: CookieCuller
o    Getting Started
o    Main Setting
o    Privacy Settings
o    Security Settings
o    Content Settings
o    Clear Private Data
o    Mozilla Firefox Security Features
  • Hacking Internet Explorer
o    Redirection Information Disclosure Vulnerability
o    Window Injection Vulnerability
o    Internet Explorer Vulnerabilities
§  Internet Explorer Security
o    Getting Started
o    Security Zones
o    Custom Level
o    Trusted Sites Zone
o    Privacy
o    Overwrite Automatic Cookie Handling
o    Per Site Privacy Actions
o    Disable Third-party Browser Extensions
o    Specify Default Applications
o    Internet Explorer Security Features
  • Hacking Opera
o    JavaScript Invalid Pointer Vulnerability
o    BitTorrent Header Parsing Vulnerability
o    Torrent File Handling Buffer Overflow Vulnerability
o    URL Handling Code Execution Vulnerability
o    Opera Stored Cross Site Scripting (XSS) Vulnerability
o    Opera Security and Privacy Features
  • Hacking Safari
  • Securing Safari

Chapter 6: SQL Injection
§  Case Example
§  Introduction to SQL Injection
§  SQL Injection Techniques
o    SQL Manipulation
o    Code Injection
o    Function Call Injection
o    Buffer Overflows
o    Exploiting Web Applications
o    What Attackers Look For
o    OLE DB Errors
o    Input Validation Attack
o    SQL Injection Techniques
§  How to Test for an SQL Injection Vulnerability
§  How It Works
  • SQL Injection in Different Databases
o    SQL Injection in Oracle
o    SQL Injection in MySQL Database
o    Attacks Against Microsoft SQL Server
§  Tools for Automated SQL Injection
§  Blind SQL Injection
§  SQL Injection Countermeasures
§  Preventing SQL Injection Attacks
  • SQL Injection Defense and Detection Tools
o    SQL Block
o    Acunetix Web Vulnerability Scanner

Chapter 7: Hacking Database Servers
§  Introduction to Hacking Database Servers
  • Hacking Oracle Database Server
o    Attacking Oracle
o    Security Issues in Oracle
o    Types of Database Attacks
o    How to Break into an Oracle Database and Gain DBA Privileges
§  Hacking an SQL Server
o    How an SQL Server Is Hacked
§  Security Tools
§  Security Checklists
