Lesson 1: MODULE 1 - An Introduction to Penetration Testing
- What is Penetration Testing? (Blackbox vs Whitebox testing)
- What are the responsibilities for a Penetration Tester?
- An Overview of the Open-Source Security Testing Methodology Manual
- Methodology for Penetration Testing
- Penetration Testing Options
- Vulnerability Result Report Writing
- Understanding Hackers
- What Hackers Do - Hacker's / Administrators View
- Who Are Hackers
- Categorizing Hackers
- Attack Categories
- Intrusion Methods
- The Security Process and The CIA Model
- Threat Analysis
|
|
Lesson 2: MODULE 2 - Active-Passive Reconnaissance Techniques
- Planning and starting the test
- Information Gathering & Footprinting
- Passive information Gathering
- Basic Search Techniques
- Using Search Engines
- Advanced Search Techniques (Spam DBs, P2P networks)
- Google Hacking Techniques (Google cache)
- Finding Interesting Files and Directories (robots.txt)
- Searching Newsgroups
- Whois Search
- Active information Gathering
- Site Mapping/Mirroring (wget) and why it's useful
- Using Information Gathering Tools (tracert, nslookup, zone transfer)
|
Lesson 3: Scanning & Fingerprinting
- Port Scanning Techniques
- Using port Scanning Tools
- Types of port scan
- TCP connect () scan
- TCP SYN scan
- IP protocol scan
- TCP FIN scan
- NULL scan
- Xmas scan
- ACK scan
- Idle scan
- An introduction to netcat
- What is netcat
- How do you use netcat
- Advanced netcat usage
- An introduction to hping
- What is hping
- How do you use hping
- Advanced hping usage
- OS Fingerprinting - how does it work?
- OS Fingerprinting Tools (xprobe, nmap, cheops & p0f)
- Service probing
- Using Telnet
- Using netcat
- Using nmap
- How service probing also helps with OS fingerprints
- OS Fingerprint Countermeasures
|
Lesson 4: Enumeration
- Understanding Enumeration
- Types of Enumeration
- NetBIOS Enumeration
- Users and Groups
- Using net Command
- Using NBSTAT
- SNMP Enumeration
- Public Strings (bruteforcing them)
- SNMPwalk
- Advanced SNMP enumeration
- AD Enumeration
- An introduction to LDAP
- Using LDAP techniques with AD
- Using Enumeration Tools:
- Linux & Windows Tools will be covered
- Lab Session
|
Lesson 5: MODULE 3 - Cryptography Decrypted
- What is Cryptography?
- PKI and Public Key cryptography
- Hashing/Message digests
- Distribution of keys (X.509, PGP)
- Common Standards (SSL, IPSec, DES, AES, Blowfish, MD5, SHA-1)
- Lab Session
|
|
Lesson 6: MODULE 4 - Vulnerability Assessment
- Understanding Vulnerabilities
- Types of vulnerability
- Techniques for Finding Vulnerability
- Automated vulnerability Scanning tools
- Open Source vulnerability scanners
- Commercial vulnerability Scanners
- Microsoft MBSA
- X-Scan Scanner
- Retina Scanner
- GFI LANguard Network Security Scanner
- Lab Session
|
Lesson 7: MODULE 5 - Hacking Windows
- Windows Architecture Overview
- Rights Management Services / Identity Integration Server
- Vulnerabilities & attacks
- Remote password guessing
- Tapping The Wire
- Privilege escalation
- Password cracking
- keystroke loggers
- Password sniffers
- Covering tracks
- Hiding files
- Buffer overflows
- Lab Session
|
Lesson 8: MODULE 6 - Advanced Vulnerability & Exploitation Techniques
- How Does an Exploit Works?
- Exploit Example
- Defense against buffer overflows
- Privilege Escalation
- The Metasploit Project
- CORE Impact In-depth
- Lab Session
|
Lesson 9: MODULE 7 - Malware
- Defining Malware: Trojans and backdoors
- How Trojans and Backdoors Operate
- Comprehending backdoor variants
- Netcat Indepth
- Switches
- Overview of various Trojan tools
- Learning effective prevention methods and countermeasures
- Monitoring Port Usage
- File Protection
- Overview of Anti-Trojan Software/Hardware
- Generating a Trojan program
- Lab Session
|
|
Lesson 10: MODULE 8 - Packet Sniffing - Session Hijacking
- What is packet sniffing?
- Passive and Active Sniffing
- Sniffing Tools
- What is promiscuous mode?
- The basics of packet sniffing
- Sniffing Hub - switch based networks
- ARP Spoofing - Poisoning
- DNS and IP Sniffing and Spoofing
- HTTPS and SSH Sniffing
- Changing MAC address
- Tools of the trade
- TCP/IP Stream re-assembly
- Detecting packet sniffers?
- ARP Spoofing countermeasures
- TCP/IP Session Hijacking
- TCP in-depth
- Active/Passive Hijacking
- Spoofing versus hijacking
- Defending against Hijacking
- How do you hijack a session?
- Man in the Middle concepts
- ISN's (Initial Sequence Numbers)
- Lab Session
|
Lesson 11: MODULE 9 - Attacking Networks - Routers, Firewalls and IDS
- Overview of Firewall's and IDS
- IDS Architecture
- CIDF model of a network IDS Design
- How to bypass Firewall and IDS using Tools
- How to perform attacks on Firewall and IDS.
- Hacking Tools - Fragrouter, Anzen NIDSbench
- Paketto Keiretsu Toolset
- Traceroute in-depth
- Packet Integrity
- Minewt 1.0
|
Lesson 12: MODULE 10 - Attacking Linux
- You will be introduced to core concepts of Linux operating system
- Linux Concepts
- Linux File System
- Linux - The Kernel
- Linux Shell
- Linux Configuration Files
- Linux File Permission and Access
- Examine intricacies of Linux vulnerabilities
- Physical Access
- Root kits
- Understand how an attacker can enter into the system
- Linux Tools
- How to control the attacker and minimize loss by hardening system.
- Root Kit Countermeasure's
|
Lesson 13: MODULE 11 - Attacking Databases
- Core concepts of databases
- Types of Databases
- The basic concepts of database and DBMS
- The different functions of DBMS
- Intricacies of different database vulnerabilities and exploits
- SQL Injection in-depth
- Credit Card Threats
- Extended Stored Procedures
- Login Threats
- Methods to secure the database
- Oracle
- MySQL
- MS-SQL Server
- Detection and patching
- Various tools and techniques
- Lab Session
|
|
Lesson 14: MODULE 12 - Attacking Web Technologies
- Web Server Assessment Overview
- Introduction to Web Servers
- Web Server Market
- Popular Web Servers and common Vulnerabilities
- Web Server Exploits
- Apache Web Server Security
- IIS Server Security
- Attacking IIS Server
- IIS Architecture
- Attacks against Web Servers
- Buffer Overflows
- Printer Overflows
- Tools used in Attacking Web Servers
- Web Server Countermeasures
- Web Application Vulnerabilities
- Web Application Penetration Methodologies
- Understanding Web Application Security
- Common Web Application Security Vulnerabilities
- Input Manipulation
- Authentication And Session Management
- Tools: Lynx, Teleport Pro, Black Widow, Web Sleuth
- Web Application Countermeasures
- Password Cracking Techniques
- Certificate Based Authentication
- Forms Based Authentication
- Password Guessing
- WebCracker
- Brutus
- ObiWan Password Cracker
- Lab Session
|
Lesson 15: MODULE 13 - Attacking Wireless Networks
- Introduction to Wireless Networks
- Wireless LAN network types
- Deployed Standards
- A vs B vs G
- SSID
- WEP
- WPA vs WEP
- MAC Spoofing
- EAP Types
- Message Integrity Check
- Security Mechanisms in Wireless LAN
- Vulnerabilities
- Attacks
- Attack Tools
- Defense strategies
- Lab Session
|
Lesson 16: MODULE 14 - Managing Operational Security
- Establishing Security Policies and Procedures
- What are security policies and procedures
- What are the legal reason for security policies and procedures
- Educating Users About Security Policies
- Common vulnerabilities introduced by users
- Training and awareness
- Applying Security Policies to Operational Management
- Methods of enforcing policies
- Resolving Ethical Dilemmas When Securing Assets
|
Lesson 17: MODULE 15 - Preserving Business Continuity
- Preparing to Recover from Disasters
- Most Common Causes of Business Disruption
- Defining Business Continuity Planning
- Disaster Recovery Planning and Implementation
- Communicating the Impact of Risks
- Risk Terminology
- Relationship to Threats and Vulnerabilities
- Risk Mitigation
- Performing a Secure Backup and Recovery
- Elements of a Secure Backup Strategy
- Guidelines for Securing Backup Media
- Guidelines for Securely Testing the Restoration Process
|
|
Lesson 18: MODULE 16 - Responding to Security Incidents
- Identifying Security Incidents
- Common Indicators of Security Incidents
- Symptoms of Well-Known Attacks
- Account Activity That May Signal an Attack
- System Activity That May Signal an Attack
- Guidelines for Reviewing Log Files
- Responding to Security Incidents
- What Is an Incident Response Team?
- Guidelines for Responding to a Security Incident
- Guidelines for Determining the Severity of an Incident
- Guidelines for Limiting Damage from an Incident
- Guidelines for Communicating About an Incident
- Investigating Security Incidents
- What Are the Sources of Evidence?
- Electronic Evidence to Examine
- Guidelines for Preserving Electronic Evidence
- Guidelines for Analyzing Electronic Evidence
|
|
|
| Top |
|