Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE

Size: px

Start display at page:

Download "Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE"

Nicholas Webb
6 years ago
Views:

1 Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE

2 COURSE TITLE HACKING REVEALED COURSE DURATION 20 Hour(s) of Self-Paced Interactive Training COURSE OVERVIEW The Hacking Revealed course teaches individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. You will understand and know how to look for weaknesses and vulnerabilities in systems. Learn how to prevent DoS attacks, methods to prevent password hacking, and sniffer intrusions. Use the same knowledge and tools as a malicious hacker. If you are responsible or concerned about the integrity of your network infrastructure this is the course for you. This course will prepare you for the EC-Council exam BENEFITS Learn pre-emptive measures against malicious attacks by understanding how the attackers think Tom takes you through both sides of the hacking scenario; first as the "Bad-guy" and second as the "Good-guy" This course will give you everything you need to plan and implement a successful security policy. CONTACT Website : officeadmin@mobilemouse.com.au Telephone : Fax : PRICING Contact Mobile MOUSe for pricing. ADVANTAGES OF ONLINE COURSES Session times are at your discretion You can pick and choose which sessions to cover and in any order Learn at your own pace Free repetition (for a period of 6 months) Multiple course levels at a discounted price Many of the courses are internationally accredited Training from the comfort of your home or workstation Training can be accessed from any location

3 SESSION 1 Section A: Introduction to Ethical Hacking Prerequisites Benefits CEH Certification Security Triangle Security Terminology Section B: Ethics and the Hacker Hacker Classes Charitable Hacking Hacker Categories Types of Hacks Security Exploits Researching Vulnerabilities Cracking Ethical Hacking Stages Section C: Hacking Legalities Getting Permission Hack Phases Hack Reports Understanding Federal Law 1029 and 1030 Fraud Laws Ethical Hacking Approaches Common Hacking Sites Section D: Footprinting Concepts Reconnaissance Informational Gathering Pre-Attack Phases Footprinting Methodology Information Sources Defining the Network Range Section E: Web Footprinting Tools Company Web Sites Additional Web Sites Using Google Archive.org People Searches DNS Enumeration Robots.txt Section F: Local Footprinting Tools SIte Enumeration Using Wikto Tracking Web Data Extractor SmartWhois Traceroute Section G: Scanning for Gold Scanning Defined Scanning Types Scanning Methodology Finding Live Systems Understanding TCP Flags Three-Way Handshake Locating Open Ports Identifying Services Banner Grabbing Scanning for Vulnerabilities Diagramming the Network Preparing Proxies SESSION 2 Section A: Mastering Scanning Tools Ping Command Angry IP Scanner Nmap Switches Using Nmap IP Spoofing MBSA Section B: Enumeration Enumeration Defined Enumeration Types Basic NET Commands Using DumpSec Performing SuperScans Section C: Passwords Authentication Predictable Passwords Cracking Methods Secure Passwords Authentication Systems Storage Options Cracking Prevention Section D: Password Cracking Tools Historic/Modern Tools SMB Redirection LAN Manager Hashes NTLM Hash Example L0phtCrack Times Using L0phtCrack L0phtCrack Reports 8/08/2012 PAGE 1

4 Section E: Ownership Privileges Privilege Escalation Methods of Escalation Escalation Batch File Executing the Batch File Rootkits Rootkit Limitations Hiding Files Alternate Data Streams Section F: Trojan Horses Trojan Horses Defined Common Programs Trojan Horse Types Overt and Covert Communication Reverse-Connecting Trojans Netcat Setting up Netcat Server Connecting Netcat Server Entry Points Attack Indicators Port Redirection Section G: Sniffers Sniffer Applications Vulnerable Protocols Capture Windows Sharing FTP Logon Packets Authentication Packets SESSION 3 Section A: ARP, MAC, and DNS ARP Defined ARP Spoofing ARP Poisoning Tools MAC Flooding Flooding Tools DNS Poisoning Intranet Poisoning Internet Poisoning Proxy Server Poisoning DNS Cache Poisoning Section B: DoS Attacks Denial of Service DoS Methods DoS Types Smurf Attacks Smurfs Visualized SYN Attacks Section C: Social Engineering Introduction to Social Engineering Example Attacks Dumpster Diving Shoulder Surfing Eavesdropping Inside/Outside Attacks Reverse Social Engineering Section D: Advanced Social Engineering Phishing Attacks Identity Theft URL Obfuscation Hexadecimal Conversion Converting Hex to Decimal Message Tricks Programmatic Access Section E: Session Hijacking Hijacking Steps Active vs. Inactive Hijacking vs. Spoofing Sequence Numbers Hijacking Programs Dangers Section F: Web Servers Basic Functionality Web Communications Common Attacks Managing Patches Windows Server Update Services WSUS Process WSUS Requirements WSUS Group Policies Section G: Hacking Web Servers Server Vulnerabilities IIS Unicode Attack Metasploit Web Application Scanners Basic Countermeasures Specific Countermeasures Server Hardening Section H: Web Applications Web Applications Introduction Web Application Hacking Objectives Attack Anatomy Web Application Threats Cross-Site Scripting Attack Prevention Google Hacking Google Hacking Database 8/08/2012 PAGE 2

5 Section I: Cracking Web Passwords SESSION 4 HTTP Authentication Integrated Authentication Negotiate Authentication Certificate-Based Forms-Based RSA Secure Tokens Biometrics Password Misconceptions Section A: SQL Injections Understanding SQL SQL Versions SELECT Statements SELECT in Applications Injection Attacks Injecting Code How common is it? Injection Attack Objectives Countermeasures Section B: SQL Attacks Embedded SQL Retrieve All Records Dumping HTML Injecting Commands Installing WebGoat Opening WebGoat Basic SQL Injection Using WebScarab Intercepting Requests Advanced SQL Injections Section C: Wireless Vulnerabilities Eavesdropping Rogue Access Points Encryption Cracking Wireless Denial of Service Hijacking Legacy Security Section D: WEP Attacks WEP Defined Authentication Understanding WEP WEP Problems Cracking Tools Wireless Cracking Process Section E: WPA and EAP WPA and WPA2 Wi-Fi Protected Setup TKIP and CCMP 802.1X EAP EAP Framework Secure Management Role-Based Access Control WPA Attacks EAP Attacks Security Analysis Section F: Viruses and Worms Virus and Worm Summary Infection Indications Virus Phases Infection Process Types of Viruses Detection Avoidance Detection Methods Incident Response Section G: Physical Security Policies Understanding Physical Security Statistics Physical Security Defined Applications Accountability Factors Affecting Security Security Checklist 8/08/2012 PAGE 3

6 SESSION 5 Section A: Implementing Physical Security Locks Lock Picking Tools Authentication Security Personnel Physical Deterrents Video Monitoring Alarms Fasteners Section B: Linux Tracking Tools Portable Security Introduction to Linux Live Distros Targeting Linux OS Vulnerabilities Comparison Potential Vulnerabilities Scanning Password Cracking Using BackTrack Creating Users Cracking Passwords Section C: Compiling Linux Installation Process Installing a Kernel Patch Hardening Linux Services Bastille Lockdown Networking Network Analysis Firewall Settings Section D: Intrusion Monitoring Systems Network Firewalls Packet Filtering Firewalls Stateful Inspection Firewalls Proxy Firewalls Dynamic Firewalls Kernel Firewalls Personal Firewalls Intrusion Monitoring/Detection IDS Intrusion Detection Intrusion Prevention Systems IDS States Intrusion Indicators Section E: Evading IMS Avoid Detection Symptoms Network Symptoms IDS Tools Honeypots Configuring Honeypots HoneyBOT Options Connecting to Honeypots Section F: Buffer Overflows Buffer Overflows Defined Dependencies Attacker Knowledge Stack-Based Heap-Based Locating Buffer Overflows Mutation Techniques After the Attack Countermeasures SESSION 6 Section A: Cryptography Understanding Cryptography Steganography Simple Encryption Cryptography Concepts Cryptography Uses Encryption Types Encryption Applications Section B: Symmetric Cryptography Symmetric Encryption Symmetric Algorithms Encryption Solutions Blowfish DES AES RC4 Asymmetric Encryption Public Key Cryptography Certificates Public Key Infrastructure PKI Usage IPSec Section C: Multi-Hat Hacking Bluetooth Hacking Locating Bluetooth Devices Attacking Bluetooth iphone Hacking RFID Hacking Hacking Online Games Section D: Computer Forensics Introduction to Computer Forensics Information Collection Preserving State BackTrack and Forensics Evasion 8/08/2012 PAGE 4

Section E: Hack Prevention Disabling Services Configuring Services Password Policies User Rights Policies Using CACLS Setting Permissions Using GUI Enabling EFS Section F: Security Policies

7 Section E: Hack Prevention Disabling Services Configuring Services Password Policies User Rights Policies Using CACLS Setting Permissions Using GUI Enabling EFS Section F: Security Policies Importance of Policies General Policies Functional Policies SANS.org Customizing Policy Templates SESSION 7 Section A: Large Scale Security Threats Economic Espionage Defined Targeted Data Competitive Intelligence Understanding Computer Crime Laws Cyber Terrorism Spam Cyber Warfare Attacks Software Piracy Newsgroups Section B: Advanced Google Hacking Advanced Searching Capabilities Advanced Search Tips Google Hacking Database Browsable Directories Searching Specific Sites Searching File Types Searching Google Searching H-Sphere Section C: Information Gathering Tools Browsers Temporary Internet Files Browser History and Personal Data Browser Best Practices Key Logging Section D: Hacking Home Networks Home Devices Opening Back Doors Social Engineering Private Information Home Attack Scenario Wireless Hacks War-Driving Kits Section E: Attacking Database Servers Database Servers Database Attack Methods SQL Injection Attacks Databases Open Source vs. Closed Source Accessing Back-End Databases Section F: Spying Technologies Spying Spy Cameras Listening Devices Tracking Devices Section G: RSS and Atom Hacking Feed Types Remote Zone Risks Local Zone Risks Key Logging Risks Syndication Security Conclusion 8/08/2012 PAGE 5

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,