EC001 EC-Council Ethical Hacking and Countermeasures (CEHv9)

This course belongs to the line: EC-Council - Ethical Hacking
Duration: 4 and a half days
Cost: € 3.500,00
VAT excluded
Upcoming editions
Date Location
15-05-2017 Milano
12-06-2017 Roma
24-07-2017 Bologna
04-09-2017 Milano
06-11-2017 Roma
11-12-2017 Bologna

Who is the course for?
Security officers; auditors; security professionals; site administrators; in general, anyone responsible for the integrity of network infrastructure.

Description:

Registration for a scheduled edition includes the CEHv9 Kit, which comprises:
- 2 student books
- 1 lab manual
- Access to the ASPEN platform for using the online training support tools
- 1 voucher for the related certification exam, valid for 1 year
 
This course lets students work in an interactive environment where they are shown how to perform scans, tests and attacks, and how to secure their own systems.
The lab environment gives participants in-depth knowledge and hands-on experience through the use of the main current security systems. Students will learn how perimeter defence systems work and will see their own networks being scanned and attacked.
Participants will learn intrusion techniques, how to perform privilege escalation, and which measures can be taken to secure the system. The course also covers topics such as:
Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
The course is organised into a classroom part with the instructor and a self-study part. At the start of the course, the instructor will give details of the parts to be studied independently.

PREREQUISITES (recommended):

- knowledge of the TCP/IP protocol
- basic knowledge of the Windows operating system
- basic knowledge of the Linux operating system

The course fee includes the voucher for taking the related certification exam.

CONTENTS

Module 01: Introduction to Ethical Hacking

    Ø  Essential Terminologies
    Ø  Elements of Information Security
    Ø  Authenticity and Non-Repudiation
    Ø  The Security, Functionality, and Usability Triangle
    Ø  Security Challenges
    Ø  Effects of Hacking
    Ø  Effects of Hacking on Business
    Ø  What Does a Hacker Do?
    Ø  Phase 1 - Reconnaissance
    Ø  Reconnaissance Types
    Ø  Phase 2 - Scanning
    Ø  Phase 3 – Gaining Access
    Ø  Phase 4 – Maintaining Access
    Ø  Phase 5 – Covering Tracks
    Ø  Types of Attacks on a System
    Ø  Operating System Attacks
    Ø  Application-Level Attacks
    Ø  Shrink Wrap Code Attacks
    Ø  Misconfiguration Attacks
    Ø  Why Ethical Hacking is Necessary?
    Ø  Defense in Depth
    Ø  Scope and Limitations of Ethical Hacking
    Ø  What Do Ethical Hackers Do?
    Ø  Skills of an Ethical Hacker
    Ø  Vulnerability Research
    Ø  Vulnerability Research Websites
    Ø  What is Penetration Testing?
    Ø  Why Penetration Testing?
    Ø  Penetration Testing Methodology
 

Module 02: Footprinting and Reconnaissance

    Ø  Footprinting Terminologies
    Ø  What is Footprinting?
    Ø  Objectives of Footprinting
    Ø  Footprinting Threats
    Ø  Finding a company’s URL
    Ø  Search for Company’s Information
    Ø  Tools to Extract Company’s Data
    Ø  Footprinting Through Search Engines
    Ø  People Search
    Ø  People Search Online Services
    Ø  People Search on Social Networking Services
    Ø  Footprinting Through Job Sites
    Ø  WHOIS Lookup
    Ø  WHOIS Lookup Result Analysis
    Ø  Extracting DNS Information
    Ø  DNS Interrogation Tools
    Ø  Locate the Network Range
    Ø  Traceroute
    Ø  Traceroute Analysis
    Ø  Traceroute Tools
    Ø  Mirroring Entire Website
    Ø  Website Mirroring Tools
    Ø  Mirroring Entire Website Tools
    Ø  Extract Website Information from http://www.archiv.org
    Ø  Footprinting Google Hacking Techniques
    Ø  What a Hacker Can Do With Google Hacking?
    Ø  Google Advance Search Operators
    Ø  Finding Resources using Google Advance Operator
    Ø  Google Hacking Tool: Google Hacking Database (GHDB)
    Ø  Google Hacking Tools
    Ø  Additional Footprinting Tools
    Ø  Footprinting Countermeasures
    Ø  Footprinting Pen Testing
 

Module 03: Scanning Networks

    Ø  Network Scanning
    Ø  Types of Scanning
    Ø  hacking for Live Systems - IC
    Ø  Ping Sweep
    Ø  Ping Sweep Tools
    Ø  Three-Way Handshake
    Ø  TCP Communication Flags
    Ø  Create Custom Packet using TCP Flags 
    Ø  Scanning techniques
    Ø  TCP Connect / Full Open Scan
    Ø  Stealth Scan (Half-open Scan)
    Ø  Xmas Scan
    Ø  FIN Scan
    Ø  NULL Scan
    Ø  IDLE Scan
    Ø  ICMP Echo Scanning/List Scan
    Ø  SYN/FIN Scanning Using IP Fragments
    Ø  UDP Scanning
    Ø  Inverse TCP Flag Scanning
    Ø  ACK Flag Scanning
    Ø  Scanning: IDS Evasion Techniques
    Ø  IP Fragmentation Tools
    Ø  Scanning Tool: Nmap
    Ø  Scanning Countermeasures
    Ø  OS Fingerprinting
    Ø  Active Banner Grabbing Using Telnet
    Ø  Banner Grabbing Tool: ID Serve
    Ø  GET REQUESTS
    Ø  Banner Grabbing Tool: Netcraft
    Ø  Banner Grabbing Tools
    Ø  Banner Grabbing Countermeasures: Disabling or Changing Banner
    Ø  Hiding File Extensions
    Ø  Hiding File Extensions from Webpages
    Ø  Vulnerability Scanning
    Ø  Vulnerability Scanning Tool: Nessus
    Ø  Network Vulnerability Scanners
    Ø  Network Mappers
    Ø  Proxy Servers
    Ø  Why Attackers Use Proxy Servers?
    Ø  Use of Proxies for Attack
    Ø  HTTP Tunneling Techniques
    Ø  Why do I need HTTP Tunneling?
    Ø  SSH Tunneling
    Ø  Spoofing IP Address
    Ø  IP Spoofing Countermeasures
    Ø  Scanning Pen Testing
 

Module 04: Enumeration

    Ø  What is Enumeration?
    Ø  Techniques for Enumeration
    Ø  NetBIOS Enumeration
    Ø  Enumerating User Accounts
    Ø  Enumerate Systems Using Default Passwords
    Ø  SNMP (Simple Network Management Protocol) Enumeration
    Ø  Management Information Base (MIB)
    Ø  SNMP Enumeration Tools
    Ø  SMTP Enumeration
    Ø  SMTP Enumeration Tool: NetScanTools Pro
    Ø  DNS Zone Transfer Enumeration Using nslookup
    Ø  Enumeration Countermeasures
    Ø  SMB Enumeration Countermeasures
    Ø  Enumeration Pen Testing
 

Module 05: System Hacking

    Ø  Information at Hand Before System Hacking Stage
    Ø  System Hacking: Goals
    Ø  CEH Hacking Methodology (CHM)
    Ø  Password Cracking
    Ø  Password Complexity
    Ø  Password Cracking Techniques
    Ø  Types of Password Attacks
    Ø  Passive Online Attacks: Wire Sniffing
    Ø  Password Sniffing
    Ø  Passive Online Attack: Man-in-the-Middle and Replay Attack
    Ø  Active Online Attack: Password Guessing
    Ø  Active Online Attack: Trojan/Spyware/Keylogger
    Ø  Active Online Attack: Hash Injection Attack
    Ø  Rainbow Attacks: Pre-Computed Hash
    Ø  Distributed Network Attack
    Ø  Non-Electronic Attacks
    Ø  Default Passwords
    Ø  Manual Password Cracking (Guessing)
    Ø  Automatic Password Cracking Algorithm
    Ø  How Hash Passwords are Stored in Windows SAM?
    Ø  What is LAN Manager Hash?
    Ø  LM “Hash” Generation
    Ø  LM, NTLMv1, and NTLMv2
    Ø  NTLM Authentication Process
    Ø  Kerberos Authentication
    Ø  Cain & Abel
    Ø  Password Cracking Tools
    Ø  LM Hash Backward Compatibility
    Ø  How to Disable LM HASH?
    Ø  How to Defend against Password Cracking?
    Ø  Implement and Enforce Strong Security Policy
    Ø  Privilege Escalation
    Ø  Escalation of privileges
    Ø  Privilege Escalation Tools
    Ø  How to Defend against Privilege Escalation?
    Ø  Executing Applications
    Ø  Keylogger
    Ø  Spyware
    Ø  What Does the Spyware Do?
    Ø  How to Defend against Keyloggers?
    Ø  How to Defend against Spyware?
    Ø  Rootkits
    Ø  Types of Rootkits
    Ø  How Rootkit Works?
    Ø  Detecting Rootkits
    Ø  Steps for Detecting Rootkits
    Ø  How to Defend against Rootkits?
    Ø  NTFS Data Stream
    Ø  What is Steganography?
    Ø  Steganography Techniques
    Ø  How Steganography Works?
    Ø  Why Cover Tracks?
    Ø  Covering Tracks
    Ø  Ways to Clear Online Tracks
    Ø  System Hacking Penetration Testing 
 

Module 06: Trojans and Backdoors

    Ø  What is a Trojan?
    Ø  Overt and Covert Channels
    Ø  Purpose of Trojans
    Ø  What Do Trojan Creators Look For?
    Ø  Indications of a Trojan Attack
    Ø  How to Infect Systems Using a Trojan?
    Ø  Wrappers
    Ø  Different Ways a Trojan can Get into a System
    Ø  How to Deploy a Trojan?
    Ø  Evading Anti-Virus Techniques
    Ø  How to Detect Trojans?
    Ø  Scanning for suspicious Ports
    Ø  Scanning for suspicious Processes
    Ø  Process Monitoring Tool: What's Running
    Ø  Process Monitoring Tools
    Ø  Scanning for Suspicious Registry Entries
    Ø  Registry Entry Monitoring Tools
    Ø  Scanning for Suspicious Device Drivers
    Ø  Scanning for Suspicious Windows Services
    Ø  Scanning for Suspicious Startup Programs
    Ø  Scanning for Suspicious Files and Folders
    Ø  Scanning for Suspicious Network Activities
    Ø  Trojan Countermeasures
    Ø  Backdoor Countermeasures
    Ø  Pen Testing for Trojans and Backdoors
 

Module 07: Viruses and Worms

    Ø  Introduction to Viruses
    Ø  Stages of Virus Life
    Ø  Working of Viruses: Infection Phase
    Ø  Working of Viruses: Attack Phase
    Ø  Why Do People Create Computer Viruses?
    Ø  Indications of Virus Attack
    Ø  How does a Computer get Infected by Viruses?
    Ø  Transient and Terminate and Stay Resident Viruses
    Ø  Computer Worms
    Ø  How is a Worm Different from a Virus?
    Ø  Anti-Virus Sensors Systems
    Ø  Malware Analysis Procedure
    Ø  Compression and Decompression Tool: UPX
    Ø  Process Monitoring Tools: Process Monitor
    Ø  Debugging Tool: Ollydbg
    Ø  Online Malware Testing: VirusTotal
    Ø  Online Malware Analysis Services
    Ø  Virus Detection Methods
    Ø  Virus and Worms Countermeasures
    Ø  Anti-virus Tools
    Ø  Penetration Testing for Virus
 

Module 08: Sniffers

    Ø  Lawful Intercept
    Ø  Benefits of Lawful Intercept
    Ø  Network Components Used for Lawful Intercept
    Ø  Wiretapping
    Ø  Sniffing Threats
    Ø  How a Sniffer Works?
    Ø  Hacker Attacking a Switch
    Ø  Types of Sniffing: Passive Sniffing
    Ø  Types of Sniffing: Active Sniffing
    Ø  Protocols vulnerable to Sniffing
    Ø  Tie to Data Link Layer in OSI Model
    Ø  Hardware Protocol Analyzers
    Ø  SPAN Port
    Ø  MAC Flooding
    Ø  MAC Address/CAM Table
    Ø  How CAM Works?
    Ø  What Happens When CAM Table is Full?
    Ø  MAC Flooding Switches with macof
    Ø  MAC Flooding Tool: Yersinia
    Ø  How to Defend against MAC Attack?
    Ø  How DHCP Works?
    Ø  DHCP Request/Reply Messages
    Ø  IPv4 DHCP Packet Format
    Ø  What is Address Resolution Protocol (ARP)?
    Ø  ARP Spoofing Attack
    Ø  How Does ARP Spoofing Work?
    Ø  Threats of ARP Poisoning
    Ø  ARP Poisoning Tool: Cain and Abel
    Ø  ARP Poisoning Tool: Ettercap
    Ø  How to Defend Against ARP Poisoning? Use D and Dynamic ARP Inspection
    Ø  MAC Spoofing/Duplicating
    Ø  Spoofing Attack Threats
    Ø  MAC Spoofing Tool: SMAC
    Ø  Sniffing Tool: Wireshark
    Ø  Follow TCP Stream in Wireshark
    Ø  Display Filters in Wireshark
    Ø  Additional Wireshark Filters
    Ø  Sniffing Tool: Tcpdump/Windump
    Ø  How an Attacker Hacks the Network Using Sniffers?
    Ø  How to Defend Against Sniffing?
    Ø  Sniffing Prevention Techniques
    Ø  How to Detect Sniffing?
 

Module 09: Social Engineering

    Ø  What is Social Engineering?
    Ø  Behaviors Vulnerable to Attacks
    Ø  Factors that Make Companies Vulnerable to Attacks
    Ø  Why is Social Engineering Effective?
    Ø  Warning Signs of an Attack
    Ø  Phases in a Social Engineering Attack
    Ø  Impact on the Organization
    Ø  Command Injection Attacks
    Ø  Common Targets of Social Engineering
    Ø  Common Targets of Social Engineering: Office Workers
    Ø  Types of Social Engineering
    Ø  Human-Based Social Engineering
    Ø  Technical Support Example
    Ø  Authority Support Example
    Ø  Human-based Social Engineering: Dumpster Diving
    Ø  Computer-Based Social Engineering
    Ø  Computer-Based Social Engineering: Pop-Ups
    Ø  Computer-Based Social Engineering: Phishing
    Ø  Insider Attack
    Ø  Disgruntled Employee
    Ø  Preventing Insider Threats
    Ø  Common Intrusion Tactics and Strategies for Prevention
    Ø  Social Engineering Through Impersonation on Social Networking Sites
    Ø  Social Engineering Example: LinkedIn Profile
    Ø  Social Engineering on Facebook
    Ø  Social Engineering on Twitter
    Ø  Risks of Social Networking to Corporate Networks
    Ø  Social Engineering Countermeasures: Policies
    Ø  Social Engineering Countermeasures
    Ø  Social Engineering Pen Testing
    Ø  Social Engineering Pen Testing: Using Emails
    Ø  Social Engineering Pen Testing: Using Phone
    Ø  Social Engineering Pen Testing: In Person 
 

Module 10: Denial of Service

    Ø  What is a Denial of Service Attack?
    Ø  What is Distributed Denial of Service Attacks?
    Ø  How Distributed Denial of Service Attacks Work?
    Ø  Symptoms of a DoS Attack
    Ø  DoS Attack Techniques
    Ø  Botnet
    Ø  Botnet Propagation Technique
    Ø  DoS/DDoS Countermeasure Strategies
    Ø  Post-attack Forensics
    Ø  Techniques to Defend against Botnets
    Ø  DoS/DDoS Countermeasures
    Ø  DoS/DDoS Protection at ISP Level
    Ø  Denial of Service (DoS) Attack Penetration Testing
 

Module 11: Session Hijacking

    Ø  What is Session Hijacking?
    Ø  Dangers Posed by Hijacking
    Ø  Why Session Hijacking is Successful?
    Ø  Key Session Hijacking Techniques
    Ø  Types of Session Hijacking
    Ø  Session Hijacking in OSI Model
    Ø  Application Level Session Hijacking
    Ø  Session Sniffing
    Ø  Predictable Session Token
    Ø  How to Predict a Session Token?
    Ø  Man-in-the-Middle Attack
    Ø  Man-in-the-Browser Attack
    Ø  Steps to Perform Man-in-the-Browser Attack
    Ø  Client-side Attacks
    Ø  Cross-site Script Attack
    Ø  The 3-Way Handshake
    Ø  Man-in-the-Middle Attack using Packet Sniffer
    Ø  Session Hijacking Tools
    Ø  Countermeasures
    Ø  Protecting against Session Hijacking
    Ø  Session Hijacking Pen Testing
 

Module 12: Hijacking Webservers

    Ø  Website Defacement
    Ø  Why Web Servers are Compromised?
    Ø  Impact of Webserver Attacks
    Ø  Webserver Misconfiguration
    Ø  Example
    Ø  Directory Traversal Attacks
    Ø  Man-in-the-Middle Attack
    Ø  Webserver Password Cracking
    Ø  Webserver Password Cracking Techniques
    Ø  Web Application Attacks
    Ø  Webserver Attack Methodology
    Ø  Information Gathering
    Ø  Webserver Footprinting
    Ø  Webserver Footprinting Tools
    Ø  Mirroring a Website
    Ø  Vulnerability Scanning
    Ø  Session Hijacking
    Ø  Hacking Web Passwords
    Ø  Webserver Attack Tools
    Ø  Metasploit
    Ø  Metasploit Architecture
    Ø  Metasploit Exploit Module
    Ø  Metasploit Payload Module
    Ø  Metasploit Auxiliary Module
    Ø  Metasploit NOPS Module
    Ø  Web Password Cracking Tool
    Ø  THC-Hydra
    Ø  Countermeasures
    Ø  Patches and Updates
    Ø  Protocols
    Ø  Accounts
    Ø  Files and Directories
    Ø  How to Defend Against Web Server Attacks?
    Ø  How to Defend against HTTP Response Splitting and Web Cache Poisoning?
    Ø  Patches and Hotfixes
    Ø  What is Patch Management?
    Ø  Identifying Appropriate Sources for Updates and Patches
    Ø  Installation of a Patch
    Ø  Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
    Ø  Patch Management Tools
    Ø  Web Server Security Scanner: Wikto
    Ø  Webserver Security Tools
    Ø  Web Server Penetration Testing 
 

Module 13: Hacking Web Applications

    Ø  Introduction to Web Applications
    Ø  Web Application Components
    Ø  How Web Applications Work?
    Ø  Web Attack Vectors
    Ø  Unvalidated Input
    Ø  Parameter/Form Tampering
    Ø  Directory Traversal
    Ø  Security Misconfiguration
    Ø  Injection Flaws
    Ø  SQL Injection Attacks
    Ø  Command Injection Attacks
    Ø  Command Injection Example
    Ø  File Injection Attack
    Ø  Cross-Site Scripting (XSS) Attacks
    Ø  How XSS Attacks Work?
    Ø  Cross-Site Scripting Attack Scenario: Attack via Email
    Ø  XSS Example: Attack via Email
    Ø  XSS Example: Stealing Users' Cookies
    Ø  XSS Example: Sending an Unauthorized Request
    Ø  XSS Attack in Blog Posting
    Ø  XSS Attack in Comment Field
    Ø  XSS Cheat Sheet
    Ø  Web Application Denial-of-Service (DoS) Attack
    Ø  Denial of Service (DoS) Examples
    Ø  Buffer Overflow Attack
    Ø  Cookie/Session Poisoning
    Ø  How Cookie Poisoning Works?
    Ø  Web Services Architecture
    Ø  Web Services Attack
    Ø  Web Services Footprinting Attack
    Ø  Web Services XML Poisoning
    Ø  Footprint Web Infrastructure
    Ø  Footprint Web Infrastructure: Server Discovery
    Ø  Footprint Web Infrastructure: Server Identification/Banner Grabbing
    Ø  Footprint Web Infrastructure: Hidden Content Discovery
    Ø  Web Spidering Using Burp Suite
    Ø  Hacking Web Servers
    Ø  Analyze Web Applications
    Ø  Analyze Web Applications: Identify Entry Points for User Input
    Ø  Analyze Web Applications: Identify Server-Side Technologies
    Ø  Analyze Web Applications: Identify Server-Side Functionality
    Ø  Analyze Web Applications: Map the Attack Surface
    Ø  Attack Authentication Mechanism
    Ø  Username Enumeration
    Ø  Password Attacks: Password Functionality Exploits
    Ø  Password Attacks: Password Guessing
    Ø  Password Attacks: Brute-forcing
    Ø  Cookie Exploitation: Cookie Poisoning
    Ø  Authorization Attack
    Ø  HTTP Request Tampering
    Ø  Authorization Attack: Cookie Parameter Tampering
    Ø  Session Management Attack
    Ø  Attacking Session Token Generation Mechanism
    Ø  Attacking Session Tokens Handling Mechanism: Session Token Sniffing
    Ø  Injection Attacks
    Ø  Attack Data Connectivity
    Ø  Connection String Injection
    Ø  Connection String Parameter Pollution (CSPP) Attacks
    Ø  Connection Pool DoS
    Ø  Attack Web App Client
    Ø  Attack Web Services
    Ø  Web Application Hacking Tool: Burp Suite Professional
    Ø  Encoding Schemes
    Ø  How to Defend Against SQL Injection Attacks?
    Ø  How to Defend Against Command Injection Flaws?
    Ø  How to Defend Against XSS Attacks?
    Ø  How to Defend Against DoS Attack?
    Ø  How to Defend Against Web Services Attack?
    Ø  Web Application Countermeasures
    Ø  Web Application Pen Testing
    Ø  Information Gathering
    Ø  Authentication Testing
    Ø  Session Management Testing
    Ø  Authorization Testing
    Ø  Data Validation Testing
    Ø  Denial of Service Testing
    Ø  Web Services Testing
    Ø  AJAX Testing
 

Module 14: SQL Injection

    Ø  SQL Injection Threat
    Ø  What is SQL Injection?
    Ø  SQL Injection Attacks
    Ø  How Web Applications Work?
    Ø  Server Side Technologies
    Ø  SQL Injection Detection
    Ø  SQL Injection Error Messages
    Ø  SQL Injection Attack Characters
    Ø  Additional Methods to Detect SQL Injection
    Ø  SQL Injection Black Box Pen Testing
    Ø  Testing for SQL Injection
    Ø  Types of SQL Injection
    Ø  Simple SQL Injection Attack
    Ø  Union SQL Injection Example
    Ø  SQL Injection Error Based
    Ø  What is Blind SQL Injection?
    Ø  No Error Messages Returned
    Ø  Blind SQL Injection: WAITFOR DELAY YES or NO Response
    Ø  Blind SQL Injection – Exploitation (MySQL)
    Ø  Blind SQL Injection - Extract Database User
    Ø  Blind SQL Injection - Extract Database Name
    Ø  Blind SQL Injection - Extract Column Name
    Ø  Blind SQL Injection - Extract Data from ROWS
    Ø  SQL Injection Methodology
    Ø  Information Gathering
    Ø  Extracting Information through Error Messages
    Ø  Understanding SQL Query
    Ø  Bypass Website Logins Using SQL Injection
    Ø  Database, Table, and Column Enumeration
    Ø  Advanced Enumeration
    Ø  Features of Different DBMSs
    Ø  Creating Database Accounts
    Ø  Password Grabbing
    Ø  Grabbing SQL Server Hashes
    Ø  Extracting SQL Hashes (In a Single Statement)
    Ø  Transfer Database to Attacker’s Machine
    Ø  Interacting with the operating system
    Ø  Interacting with the FileSystem
    Ø  SQL Injection Tools
    Ø  SQL Injection Tools: BSQLHacker
    Ø  Evading IDS
    Ø  Types of Signature Evasion Techniques
    Ø  Evasion Technique: Char Encoding
    Ø  Evasion Technique: Obfuscated Codes
    Ø  How to Defend Against SQL Injection Attacks?
    Ø  How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
 

Module 15: Hacking Wireless Networks

    Ø  Wireless Networks
 

Module 16: Evading IDS, Firewalls, and Honeypots

    Ø  Intrusion Detection Systems (IDS) and its Placement
    Ø  How IDS Works?
    Ø  Ways to Detect an Intrusion
    Ø  Types of Intrusion Detection Systems
    Ø  System Integrity Verifiers (SIV)
    Ø  General Indications of Intrusions
    Ø  General Indications of System Intrusions
    Ø  Firewall
    Ø  Firewall Architecture
    Ø  DeMilitarized Zone (DMZ)
    Ø  Types of Firewall
    Ø  Packet Filtering Firewall
    Ø  Circuit-Level Gateway Firewall
    Ø  Application-Level Firewall
    Ø  Stateful Multilayer Inspection Firewall
    Ø  Firewall Identification
    Ø  Port Scanning
    Ø  Firewalking
    Ø  Banner Grabbing
    Ø  Honeypot
    Ø  Types of Honeypots
    Ø  Intrusion Detection Tool
    Ø  Snort
    Ø  Snort Rules
    Ø  Firewall: Sunbelt Personal Firewall
    Ø  Firewalls
    Ø  Evasion
    Ø  Denial-of-Service Attack (DoS)
    Ø  Obfuscating
    Ø  Fragmentation Attack
    Ø  Polymorphic Shellcode
    Ø  ASCII Shellcode
    Ø  Application-Layer Attacks
    Ø  Bypass a Firewall using Proxy Server
    Ø  Bypassing Firewall through ICMP Tunneling Method
    Ø  Bypassing Firewall through ACK Tunneling Method
    Ø  Bypassing Firewall through HTTP Tunneling Method
    Ø  Bypassing Firewall through External Systems
    Ø  Bypassing Firewall through MITM Attacks
    Ø  Countermeasures
    Ø  Firewall/IDS Penetration Testing
    Ø  Firewall Penetration Testing
    Ø  IDS Penetration Testing
 

Module 17: Buffer Overflow

    Ø  Buffer Overflows
    Ø  Why are Programs And Applications Vulnerable?
    Ø  Understanding Stacks
    Ø  Stack-Based Buffer Overflow
    Ø  Understanding Heap
    Ø  Heap-Based Buffer Overflow
    Ø  Stack Operations
    Ø  Shellcode
    Ø  No Operations (NOPs)
    Ø  Knowledge Required to Program Buffer Overflow Exploits
    Ø  Buffer Overflow Steps
    Ø  Attacking a Real Program
    Ø  Format String Problem
    Ø  Overflow using Format String
    Ø  Smashing the Stack
    Ø  Once the Stack is Smashed...
    Ø  Simple Uncontrolled Overflow
    Ø  Simple Buffer Overflow in C
    Ø  Code Analysis
    Ø  Exploiting Semantic Comments in C (Annotations)
    Ø  How to Mutate a Buffer Overflow Exploit?
    Ø  Identifying Buffer Overflows
    Ø  How to Detect Buffer Overflows in a Program?
    Ø  BOU (Buffer Overflow Utility)
    Ø  Testing for Heap Overflow Conditions: heap.exe
    Ø  Steps for Testing for Stack Overflow in OllyDbg Debugger
    Ø  Testing for Stack Overflow in OllyDbg Debugger
    Ø  BoF Detection Tools
    Ø  Defense Against Buffer Overflows
    Ø  Preventing BoF Attacks
    Ø  Programming Countermeasures
    Ø  Data Execution Prevention (DEP)
    Ø  /GS http://microsoft.com
    Ø  BoF Security Tools
    Ø  BufferShield
    Ø  Buffer Overflow Penetration Testing
 

Module 18: Cryptography

    Ø  Cryptography
    Ø  Types of Cryptography
    Ø  Public Key Infrastructure (PKI)
    Ø  Certification Authorities
    Ø  Digital Signature
    Ø  SSL (Secure Sockets Layer)
    Ø  Transport Layer Security (TLS)
    Ø  Online MD5 Decryption Tool
 

Module 19: Penetration Testing

    Ø  Introduction to Penetration Testing
    Ø  Security Assessment
    Ø  Vulnerability Assessment
    Ø  Limitations of Vulnerability Assessment
    Ø  Penetration Testing
    Ø  Why Penetration Testing?
    Ø  What Should be Tested?
    Ø  What Makes a Good Penetration Test?
    Ø  ROI on Penetration Testing
    Ø  Testing Points
    Ø  Testing Locations
    Ø  Types of Penetration Testing
    Ø  External Penetration Testing
    Ø  Internal Security Assessment
    Ø  Black-box Penetration Testing
    Ø  Grey-box Penetration Testing
    Ø  White-box Penetration Testing
    Ø  Announced/Unannounced Testing
    Ø  Automated Testing
    Ø  Manual Testing
    Ø  Common Penetration Testing Techniques
    Ø  Using DNS Domain Name and IP Address Information
    Ø  Enumerating Information about Hosts on Publicly-Available Networks
    Ø  Phases of Penetration Testing
    Ø  Pre-Attack Phase
    Ø  Attack Phase
    Ø  Activity: Perimeter Testing
    Ø  Enumerating Devices
    Ø  Activity: Acquiring Target
    Ø  Activity: Escalating Privileges
    Ø  Activity: Execute, Implant, and Retract
    Ø  Post-Attack Phase and Activities
    Ø  Penetration Testing Deliverable Templates
    Ø  Application Security Assessment
    Ø  Web Application Testing - I
    Ø  Web Application Testing - II
    Ø  Web Application Testing - III
    Ø  Network Security Assessment
    Ø  Wireless/Remote Access Assessment
    Ø  Wireless Testing
    Ø  Telephony Security Assessment
    Ø  Social Engineering
    Ø  Testing Network-Filtering Devices
    Ø  Denial of Service Emulation
    Ø  Outsourcing Penetration Testing Services
    Ø  Terms of Engagement
    Ø  Project Scope
    Ø  Pentest Service Level Agreements
    Ø  Penetration Testing Consultants
    Ø  Evaluating Different Types of Pentest Tools
    Ø  Application Security Assessment Tool
    Ø  Webscarab
    Ø  Network Security Assessment Tool
    Ø  Angry IP Scanner
    Ø  GFI LANguard
 

EC-council

Equipment:
Each participant will have a workstation set up with the operating systems and software needed for the exercises.
