Accredited Training Center
Ethical Hacking and Countermeasures - v6
WHITE HAT HACKER - v6

Overview
The course gives students an interactive environment in which they are shown how to scan, test, hack and secure their own systems. The intensive lab environment gives each student in-depth knowledge and hands-on experience with the essential security systems in current use. Students begin by understanding how network systems are defended, scanned and attacked. They then learn the methods intruders use to extend their reach and the steps that can be taken to secure a system. Students also learn intrusion detection, policy creation, DDoS attacks, buffer overflows and virus creation. After completing this intensive 60-hour course, students will have solid knowledge of and experience in ethical hacking. The course provides the knowledge and preparation needed to sit the CEH (EC-Council Certified Ethical Hacker) exam, CEH312-50.

Audience
The course is useful for staff responsible for controlling and ensuring network security, security specialists, administrators, and anyone concerned about the integrity of the network infrastructure.

Duration
40 hours

Certification
This course gives students the knowledge and skills needed to pass the CEH 312-50 exam. After the course, students receive an EC-Council course completion certificate. To obtain the international CEH certification, students must pass the online CEH 312-50 exam at a Prometric testing center.

Legal agreement
The mission of the CEH program is to educate, introduce and provide hacking tools for penetration testing purposes only. Before attending this course, students must sign an agreement committing that they will not use the newly learned skills for illegal or deliberately harmful attacks.
Students will not use those tools to harm any computer system, nor invoke EC-Council's name in using or misusing these tools, regardless of intent. Not everyone is admitted to this program. EC-Council accredited training centers must ensure that applicants work for legitimate companies or organizations.

ITPro Global ® 2009 www.itpro.net.vn Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected]

Course content – version 6
The CEHv6 program consists of classroom instruction and self-study. The instructor will give students the details of the self-study modules at the start of the course.

Module 1: Introduction to Ethical Hacking Problem Definition -Why Security? Essential Terminologies Elements of Security The Security, Functionality and Ease of Use Triangle Case Study What does a Malicious Hacker do? o Vulnerability Research Websites National Vulnerability Database (nvd.nist.gov) Securitytracker (www.securitytracker.com) Securiteam (www.securiteam.com) Secunia (www.secunia.com) Hackerstorm Vulnerability Database Tool (www.hackerstrom.com) o Phase2-Scanning HackerWatch (www.hackerwatch.org) o Phase3-Gaining Access MILWORM o Phase4-Maintaining Access How to Conduct Ethical Hacking o Phase5-Covering Tracks How Do They Go About It Types of Hacker Attacks Approaches to Ethical Hacking o Operating System attacks Ethical Hacking Testing o Application-level attacks Ethical Hacking Deliverables o Shrink Wrap code attacks Computer Crimes and Implications Reconnaissance Types o Vulnerability Research Tools o Phase1-Reconnaissance o Why Hackers Need Vulnerability Research o Misconfiguration attacks Hacktivism Hacker Classes Security News: Suicide Hacker Ethical Hacker Classes What do Ethical Hackers do Can Hacking be Ethical How to become an Ethical Hacker Skill Profile of an Ethical Hacker What is Vulnerability Research Module 2: Hacking Laws § U.S.
Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) § Legal Perspective (U.S. Federal Law) o 18 U.S.C. § 1029 Penalties o 18 U.S.C. § 1030 Penalties o 18 U.S.C. § 1362 o 18 U.S.C. § 2318 § France Laws o 18 U.S.C. § 2320 § German Laws o 18 U.S.C. § 1831 § Italian Laws o 47 U.S.C. § 605, unauthorized publication or use of communications § MALAYSIA: THE COMPUTER CRIMES ACT 1997 o Washington: § HONGKONG: TELECOMMUNICATIONS RCW 9A.52.110 § Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC. o Florida: § 815.01 to 815.07 § Greece Laws o Indiana: § Denmark Laws IC 35-43 § Netherlands Laws § Federal Managers Financial Integrity Act of 1982 § Norway § The Freedom of Information Act 5 U.S.C. § 552 § ORDINANCE § Mexico § Federal Information Security Management Act (FISMA) § The Privacy Act Of 1974 5 U.S.C. § 552a § SWITZERLAND Module 3: Footprinting § USA Patriot Act of 2001 Revisiting Reconnaissance § United Kingdom’s Cyber Laws Defining Footprinting § United Kingdom: Police and Justice Act 2006 Why is Footprinting Necessary Areas and Information which Attackers Seek Information Gathering Methodology § European Laws § Japan’s Cyber Laws § Australia : The Cybercrime Act 2001 o Unearthing Initial Information · Finding Company’s URL § Indian Law: THE INFORMATION TECHNOLOGY ACT · Internal URL § Argentina Laws · Extracting Archive of a Website § Germany’s Cyber Laws § www.archive.org § Singapore’s Cyber Laws · Google Search for Company’s Info § Belgium Law · People Search § Brazilian Laws § Yahoo People Search § Canadian Laws § Satellite Picture of a Residence § Best PeopleSearch o Alchemy Network Tool § People-Search-America.com o Advanced Administrative Tool § Switchboard o My IP Suite
§ Anacubis o Wikto Footprinting Tool § Google Finance o Whois Lookup § Yahoo Finance o Whois · Footprinting through Job Sites o SmartWhois · Passive Information Gathering o ActiveWhois · Competitive Intelligence Gathering o LanWhois § Why Do You Need Competitive Intelligence? o CountryWhois o WhereIsIP § Competitive Intelligence Resource o Ip2country § Companies Providing Competitive Intelligence Services o CallerIP § Carratu International o Web Data Extractor Tool § CI Center o Online Whois Tools § Competitive Intelligence - When Did This Company Begin? How Did It Develop? o What is MyIP o DNS Enumerator § Competitive Intelligence - Who Leads This Company o SpiderFoot o Nslookup § Competitive Intelligence - What Are This Company's Plans § Competitive Intelligence - What Does Expert Opinion Say About The Company § Competitive Intelligence - Who Are The Leading Competitors? § Competitive Intelligence Tool: Trellian § Competitive Intelligence Tool: Web Investigator · Public and Private Websites Footprinting Tools o Sensepost Footprint Tools o Big Brother o BiLE Suite o Extract DNS Information Types of DNS Records Necrosoft Advanced DIG o Expired Domains o DomainKing o Domain Name Analyzer o DomainInspect o MSR Strider URL Tracer o Mozzle Domain Name Pro o Domain Research Tool (DRT) o Domain Status Reporter o Reggie Faking Websites using Man-in-the-Middle Phishing Kit Benefits to Fraudster Steps to Perform Footprinting o Locate the Network Range · ARIN · Traceroute § Traceroute Analysis · 3D Traceroute Module 4: Google Hacking § What is Google hacking · NeoTrace § What a hacker can do with vulnerable site · VisualRoute Trace § Anonymity with Caches · Path Analyzer Pro § Using Google as a Proxy Server · Maltego § Directory Listings · Layer Four Traceroute o Locating Directory Listings · Prefix WhoIs widget o Finding Specific Directories ·
Touchgraph o Finding Specific Files · VisualRoute Mail Tracker o Server Versioning · eMailTrackerPro · Read Notify § Going Out on a Limb: Traversal Techniques E-Mail Spiders o Directory Traversal o 1st E-mail Address Spider o Incremental Substitution o Power E-mail Collector Tool § Extension Walking o GEOSpider Site Operator o Geowhere Footprinting Tool intitle:index.of o Google Earth error | warning o Kartoo Search Engine login | logon o Dogpile (Meta Search Engine) username | userid | employee.ID | “your username is” password | passcode | “your password is” admin | administrator o Tool: WebFerret o robots.txt o WTR - Web The Ripper o admin login o Website Watcher Steps to Create Fake Login Pages How to Create Fake Login Pages -ext:html -ext:htm -ext:shtml -ext:asp -ext:php inurl:temp | inurl:tmp | inurl:backup | inurl:bak intranet | help.desk o Default Pages Query for Web Server Locating Public Exploit Sites o Outlook Web Access Default Portal o Locating Exploits Via Common Code Strings Searching for Passwords o Windows Registry Entries Can Reveal Passwords Searching for Exploit Code with Nonstandard Extensions Locating Source Code with Common Strings Locating Vulnerable Targets Google Hacking Database (GHDB) o Locating Targets Via Demonstration Pages SiteDigger Tool o Usernames, Cleartext Passwords, and Hostnames!
Gooscan “Powered by” Tags Are Common Query Fodder for Finding Web Applications Goolink Scanner o Locating Targets Via Source Code Goolag Scanner Vulnerable Web Application Examples Tool: Google Hacks o Locating Targets Via CGI Scanning Google Hack Honeypot A Single CGI Scan-Style Query Google Protocol Directory Listings Google Cartography o Finding IIS 5.0 Servers Module 5: Scanning Web Server Software Error Messages Scanning: Definition o IIS HTTP/1.1 Error Page Titles Types of Scanning o “Object Not Found” Error Message Used to Find IIS 5.0 Objectives of Scanning CEH Scanning Methodology o Apache Web Server Apache 2.0 Error Pages o Checking for live systems - ICMP Scanning Application Software Error Messages · Angry IP o ASP Dumps Provide Dangerous Details · HPing2 o Many Errors Reveal Pathnames and Filenames · Ping Sweep · Firewalk Tool o CGI Environment Listings Reveal Lots of Information · Firewalk Commands Default Pages · Firewalk Output o A Typical Apache Default Web Page · Nmap o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP · Nmap: Scan Methods · NMAP Scan Options · NMAP Output Format · TCP Communication Flags · Three Way Handshake o Atelier Web Ports Traffic Analyzer (AWPTA) o Atelier Web Security Port Scanner (AWSPS) o Syn Stealth/Half Open Scan o IPEye o Stealth Scan o ike-scan o Xmas Scan o Infiltrator Network Security Scanner o Fin Scan o YAPS: Yet Another Port Scanner o Null Scan o Advanced Port Scanner o Idle Scan o NetworkActiv Scanner o ICMP Echo Scanning/List Scan o NetGadgets o TCP Connect/Full Open Scan o P-Ping Tools o FTP Bounce Scan o MegaPing · o LanSpy Ftp Bounce Attack o SYN/FIN Scanning Using IP Fragments o HoverIP o UDP Scanning o LANView o Reverse Ident Scanning o NetBruteScanner o RPC Scan o SolarWinds Engineer’s Toolset o Window Scan o AUTAPF o Blaster Scan o OstroSoft Internet Tools o
Portscan Plus, Strobe o Advanced IP Scanner o IPSec Scan o Active Network Monitor o Netscan Tools Pro o Advanced Serial Data Logger o WUPS – UDP Scanner o Advanced Serial Port Monitor o Superscan o WotWeb o IPScanner o Antiy Ports o Global Network Inventory Scanner o Port Detective o Net Tools Suite Pack o Roadkil’s Detector o Floppy Scan o Portable Storage Explorer o FloppyScan Steps o E-mail Results of FloppyScan War Dialer Technique o Why War Dialing o Wardialing o Nessus o Phonesweep – War Dialing Tool o GFI Languard o THC Scan o Security Administrator’s Tool for Analyzing Networks (SATAN) o ToneLoc o Retina o ModemScan o Nagios o War Dialing Countermeasures: Sandtrap Tool o PacketTrap's pt360 Tool Suite Banner Grabbing o NIKTO o OS Fingerprinting § SAFEsuite Internet Scanner, IdentTCPScan · Active Stack Fingerprinting · Passive Fingerprinting o Cheops o Active Banner Grabbing Using Telnet o Friendly Pinger o GET REQUESTS o LANsurveyor o P0f – Banner Grabbing Tool o Ipsonar o p0f for Windows o LANState o Httprint Banner Grabbing Tool § Insightix Visibility o Tool: Miart HTTP Header § IPCheck Server Monitor o Tools for Active Stack Fingerprinting · Xprobe2 · Ringv2 · Netcraft o Disabling or Changing Banner o IIS Lockdown Tool o Tool: ServerMask o Hiding File Extensions o Tool: PageXchanger Vulnerability Scanning o Bidiblah Automated Scanner o Qualys Web Based Scanner o SAINT o ISS Security Scanner Draw Network Diagrams of Vulnerable Hosts § PRTG Traffic Grapher Preparing Proxies o Proxy Servers o Free Proxy Servers o Use of Proxies for Attack o SocksChain o Proxy Workbench o Proxymanager Tool o Super Proxy Helper Tool o Happy Browser Tool (Proxy Based) o Multiproxy o Tor Proxy Chaining Software o Additional Proxy Tools
· o Anonymizers Despoof Tool · Surfing Anonymously Scanning Countermeasures · Primedius Anonymizer Tool: SentryPC · StealthSurfer · Anonymous Surfing: Browzar · Torpark Browser Overview of System Hacking Cycle · GetAnonymous What is Enumeration? · IP Privacy Techniques for Enumeration · Anonymity 4 Proxy (A4Proxy) NetBIOS Null Sessions · Psiphon o So What's the Big Deal · Connectivity Using Psiphon o DumpSec Tool · AnalogX Proxy o NetBIOS Enumeration Using Netview · NetProxy · Nbtstat Enumeration Tool · Proxy+ · SuperScan · ProxySwitcher Lite · Enum Tool · JAP o Enumerating User Accounts · Proxomitron · Module 6: Enumeration o Google Cookies · G-Zapper GetAcct o Null Session Countermeasure PS Tools o SSL Proxy Tool o PsExec o How to Run SSL Proxy o PsFile o HTTP Tunneling Techniques o PsGetSid · Why Do I Need HTTP Tunneling o PsKill · Httptunnel for Windows o PsInfo · How to Run Httptunnel o PsList · HTTP-Tunnel o PsLogged On · HTTPort o PsLogList o Spoofing IP Address o PsPasswd · Spoofing IP Address Using Source Routing o PsService · Detection of IP Spoofing o PsShutdown o PsSuspend o Terminal Service Agent Simple Network Management Protocol (SNMP) Enumeration o TXNDS o Unicornscan o Management Information Base (MIB) o Amap o SNMPutil Example o SolarWinds o SNScan o Getif SNMP MIB Browser o UNIX Enumeration o SNMP UNIX Enumeration o SNMP Enumeration Countermeasures o LDAP enumeration o JXplorer o LdapMiner o Softerra LDAP Browser o NTP enumeration o SMTP enumeration o Netenum Steps to Perform Enumeration Module 7: System Hacking Part 1- Cracking Password o CEH hacking Cycle o Password Types o Types of Password Attack · · Passive Online Attack: Man-in-the-middle and replay attacks · Active Online Attack: Password Guessing · Pre-computed Hashes o Web enumeration Offline Attacks Brute force Attack o Smtpscan o
Asnumber Passive Online Attack: Wire Sniffing Syllable Attack/Rule-based Attack/ Hybrid attacks o Lynx Distributed network Attack Winfingerprint Rainbow Attack o Windows Active Directory Attack Tool · o How To Enumerate Web Application Directories in IIS Using DirectoryServices o Default Password Database IP Tools Scanner Enumerate Systems Using Default Password § Tools: o NBTScan o NetViewX o FREENETENUMERATOR Non-Technical Attacks § http://www.defaultpassword.com/ § http://www.cirt.net/cgi-bin/passwd.pl § http://www.virus.org/index.php? o PDF Password Cracker o Abcom PDF Password Cracker o Password Mitigation o Permanent Account Lockout-Employee Privilege Abuse o Tool: LCP o Tool: SID&User o Administrator Password Guessing · o Tool: Ophcrack 2 Manual Password cracking Algorithm o Tool: Crack · Automatic Password Cracking Algorithm o Tool: Access PassView o Tool: Asterisk Logger o Performing Automated Password Guessing · o Tool: CHAOS Generator Tool: NAT o Tool: Asterisk Key · Smbbf (SMB Passive Brute Force Tool) · SmbCrack Tool: Legion · Hacking Tool: LOphtcrack o Password Recovery Tool: MS Access Database Password Decoder o Password Cracking Countermeasures o Microsoft Authentication o Do Not Store LAN Manager Hash in SAM Database · o LM Hash Backward Compatibility LM, NTLMv1, and NTLMv2 o How to Disable LM HASH · NTLM And LM Authentication On The Wire · Kerberos Authentication · What is LAN Manager Hash? LM “Hash” Generation o Password Brute-Force Estimate Tool o Syskey Utility o AccountAudit LM Hash Part2-Escalating Privileges o CEH Hacking Cycle · Salting · PWdump2 and Pwdump3 · Tool: Rainbowcrack · Hacking Tool: KerbCrack · Hacking Tool: NBTDeputy · Change Recovery Console Password - Method 1 · NetBIOS DoS Attack · · Hacking Tool: John the Ripper o Password Sniffing o How to Sniff SMB Credentials?
o SMB Replay Attacks o Replay Attack Tool: SMBProxy o Privilege Escalation o Cracking NT/2000 passwords o Active@ Password Changer Change Recovery Console Password Method 2 o Privilege Escalation Tool: x.exe Part3-Executing applications o CEH Hacking Cycle o Tool: psexec o Tool: remoexec o SMB Signing o Ras N Map o Stealth Website Logger o Tool: Alchemy Remote Executor o Digi Watcher Video Surveillance o Emsa FlexInfo Pro o Desktop Spy Screen Capture Program o Keystroke Loggers o Telephone Spy o E-mail Keylogger o Print Monitor Spy Tool o Revealer Keylogger Pro o Stealth E-Mail Redirector o Handy Keylogger o Spy Software: Wiretap Professional o Ardamax Keylogger o Spy Software: FlexiSpy o Powered Keylogger o PC PhoneHome o Quick Keylogger o Keylogger Countermeasures o Spy-Keylogger o Anti Keylogger o Perfect Keylogger o Advanced Anti Keylogger o Invisible Keylogger o Privacy Keyboard o Actual Spy o Spy Hunter - Spyware Remover o SpyToctor FTP Keylogger o Spy Sweeper o IKS Software Keylogger o Spyware Terminator o Ghost Keylogger o WinCleaner AntiSpyware o Hacking Tool: Hardware Key Logger Part4-Hiding files o What is Spyware?
o CEH Hacking Cycle o Spyware: Spector o Hiding Files o Remote Spy o RootKits o Spy Tech Spy Agent · Why rootkits o 007 Spy Software · Hacking Tool: NT/2000 Rootkit o Spy Buddy · Planting the NT/2000 Rootkit o Ace Spy · Rootkits in Linux o Keystroke Spy · Detecting Rootkits o Activity Monitor · Steps for Detecting Rootkits o Hacking Tool: eBlaster · Rootkit Detection Tools o Stealth Voice Recorder · Sony Rootkit Case Study o Stealth Keylogger · Rootkit: Fu · AFX Rootkit · Tool: Mp3Stego · Rootkit: Nuclear · Tool: Snow.exe · Rootkit: Vanquish · Steganography Tool: Fort Knox · Rootkit Countermeasures · Steganography Tool: Blindside · Patchfinder · Steganography Tool: S- Tools · RootkitRevealer · Steganography Tool: Steghide o Creating Alternate Data Streams · Tool: Steganos o How to Create NTFS Streams? · Steganography Tool: Pretty Good Envelop · NTFS Stream Manipulation · NTFS Streams Countermeasures · Tool: Gifshuffle · Tool: JPHIDE and JPSEEK · Tool: wbStego · Tool: OutGuess o What is Steganography?
· Tool: Data Stash · · Tool: Hydan § Least Significant Bit Insertion in Image files · Tool: Cloak § Process of Hiding Information in Image Files · Tool: StegoNote · Tool: Stegomagic · Steganos Security Suite · C Steganography · Isosteg · FoxHole · Video Steganography · NTFS Stream Detectors (ADS Spy and ADS Tools) · Hacking Tool: USB Dumper Steganography Techniques § Masking and Filtering in Image files § Algorithms and transformation · Tool: Merge Streams · Invisible Folders · Tool: Invisible Secrets · Tool : Image Hide · Tool: Stealth Files · Tool: Steganography · Masker Steganography Tool · Hermetic Stego · Steganalysis Methods/Attacks on Steganography · DCPP – Hide an Operating System · Stegdetect · Tool: Camera/Shy · SIDS · www.spammimic.com · High-Level View · Case Study: Al-Qaida members Distributing Propaganda to Volunteers using Steganography · Steganalysis · Tool: dskprobe.exe o What do Trojan Creators Look for? · Stego Watch- Stego Detection Tool · StegSpy o Different Ways a Trojan can Get into a System Part5-Covering Tracks o CEH Hacking Cycle Indications of a Trojan Attack Ports Used by Trojans o How to Determine which Ports are Listening o Covering Tracks o Disabling Auditing Trojans o Clearing the Event Log o Trojan: iCmd o Tool: elsave.exe o MoSucker Trojan o Hacking Tool: Winzapper o Proxy Server Trojan o Evidence Eliminator o SARS Trojan Notification o Tool: Traceless o Wrappers o Tool: Tracks Eraser Pro o Wrapper Covert Program o Armor Tools o Wrapping Tools o Tool: ZeroTracks o One Exe Maker / YAB / Pretator Wrappers o PhatBooster o Packaging Tool: WordPad o RemoteByMail Module 8: Trojans and Backdoors o Tool: Icon Plus Effect on Business o Defacing Application: Restorator What is a Trojan?
o Tetris o Overt and Covert Channels o HTTP Trojans o Working of Trojans o Trojan Attack through Http o Different Types of Trojans o HTTP Trojan (HTTP RAT) § Remote Access Trojans o Shttpd Trojan - HTTP Server § Data-Sending Trojans o Reverse Connecting Trojans § Destructive Trojans o Nuclear RAT Trojan (Reverse Connecting) § Denial-of-Service (DoS) Attack Trojans o Tool: BadLuck Destructive Trojan § Proxy Trojans o ICMP Tunneling § FTP Trojans o ICMP Backdoor Trojan § Security Software Disablers o Microsoft Network Hacked by QAZ Trojan o Backdoor.Theef (AVP) o Skiddie Rat o T2W (TrojanToWorm) o Biohazard RAT o Biorante RAT o Troya o DownTroj o ProRat o Turkojan o Dark Girl o Trojan.Satellite-RAT o DaCryptic o Yakoza o Net-Devil o DarkLabel B4 Classic Trojans Found in the Wild o Trojan.Hav-Rat o Trojan: Tini o Poison Ivy o Trojan: NetBus o Rapid Hacker o Trojan: Netcat o SharK o Netcat Client/Server o HackerzRat o Netcat Commands o TYO o Trojan: Beast o 1337 Fun Trojan o Trojan: Phatbot o Criminal Rat Beta o Trojan: Amitis o VicSpy o Trojan: Senna Spy o Optix PRO o Trojan: QAZ o ProAgent o Trojan: Back Orifice o OD Client o Trojan: Back Orifice 2000 o AceRat o Back Orifice Plug-ins o Mhacker-PS o Trojan: SubSeven o RubyRAT Public o Trojan: CyberSpy Telnet Trojan o SINner o Trojan: Subroot Telnet Trojan o ConsoleDevil o Trojan: Let Me Rule! 2.0 BETA 9 o ZombieRat o Trojan: Donald Dick o FTP Trojan - TinyFTPD o Trojan: RECUB o VNC Trojan Hacking Tool: Loki o Webcam Trojan Loki Countermeasures o DJI RAT Atelier Web Remote Commander Trojan Horse Construction Kit MD5 Checksum.exe How to Detect Trojans?
Microsoft Windows Defender How to Avoid a Trojan Infection o Netstat o fPort o TCPView Virus History o CurrPorts Tool Characteristics of Virus o Process Viewer Working of Virus o Delete Suspicious Device Drivers o Infection Phase o Check for Running Processes: What’s on My Computer o Attack Phase o Super System Helper Tool o Inzider-Tracks Processes and Ports o Tool: What’s Running o MS Configuration Utility o Registry- What’s Running o Autoruns o Hijack This (System Checker) o Startup List Module 9: Viruses and Worms Why people create Computer Viruses Symptoms of a Virus-like Attack Virus Hoaxes Chain Letters How is a Worm Different from a Virus Indications of a Virus Attack Hardware Threats Software Threats Virus Damage Anti-Trojan Software § TrojanHunter § Comodo BOClean § Trojan Remover: XoftspySE § Trojan Remover: Spyware Doctor § SPYWAREfighter § Mode of Virus Infection Stages of Virus Life Virus Classification How Does a Virus Infect? Storage Patterns of Virus o System Sector virus Evading Anti-Virus Techniques Sample Code for Trojan Client/Server Evading Anti-Trojan/Anti-Virus using Stealth Tools · Self-Modification Backdoor Countermeasures · Encryption with a Variable Key Tripwire o Polymorphic Code System File Verification o Metamorphic Virus o Stealth Virus o Bootable CD-Rom Virus o Cavity Virus What is Sheep Dip?
o Sparse Infector Virus Virus Analysis – IDA Pro Tool o Companion Virus Prevention is better than Cure o File Extension Virus Anti-Virus Software Famous Virus/Worms – I Love You Virus o AVG Antivirus Famous Virus/Worms – Melissa o Norton Antivirus Famous Virus/Worms – JS/Spth o McAfee Klez Virus Analysis o Socketshield Latest Viruses o BitDefender Top 10 Viruses- 2008 o ESET Nod32 o Virus: Win32.AutoRun.ah o CA Anti-Virus o Virus:W32/Virut o F-Secure Anti-Virus o Virus:W32/Divvi o Kaspersky Anti-Virus o Worm.SymbOS.Lasco.a o F-Prot Antivirus o Disk Killer o Panda Antivirus Platinum o Bad Boy o avast! Virus Cleaner o HappyBox o ClamWin o Java.StrangeBrew o Norman Virus Control o MonteCarlo Family Popular Anti-Virus Packages o PHP.Neworld Virus Databases o W32/WBoy.a o ExeBug.d Module 10: Sniffers o W32/Voterai.worm.e Definition - Sniffing o W32/Lecivio.worm Protocols Vulnerable to Sniffing o W32/Lurka.a Tool: Network View – Scans the Network for Devices The Dude Sniffer Wireshark Display Filters in Wireshark Following the TCP Stream in Wireshark Cain and Abel o W32/Vora.worm!p2p Writing a Simple Virus Program Virus Construction Kits Virus Detection Methods Virus Incident Response Tcpdump o Linux Tool: Sshmitm Tcpdump Commands o Linux Tool: Tcpkill Types of Sniffing o Linux Tool: Tcpnice o Passive Sniffing o Linux Tool: Urlsnarf o Active Sniffing o Linux Tool: Webspy What is ARP o Linux Tool: Webmitm o ARP Spoofing Attack DNS Poisoning Techniques o How does ARP Spoofing Work o Intranet DNS Spoofing (Local Network) o ARP Poisoning o Internet DNS Spoofing (Remote Network) o MAC Duplicating o Proxy Server DNS Poisoning o MAC Duplicating Attack o DNS Cache Poisoning o Tools for ARP Spoofing Interactive TCP Relay · Ettercap Interactive Replay Attacks · ArpSpyX Raw Sniffing Tools Features of Raw Sniffing Tools o MAC Flooding · Tools for MAC
Flooding o HTTP Sniffer: EffeTech Linux Tool: Macof o Ace Password Sniffer Windows Tool: Etherflood o Win Sniffer o Threats of ARP Poisoning o MSN Sniffer o Irs-Arp Attack Tool o SmartSniff o ARPWorks Tool o Session Capture Sniffer: NetWitness o Tool: Nemesis o Session Capture Sniffer: NWreader o IP-based sniffing o Packet Crafter Craft Custom TCP/IP Packets Linux Sniffing Tools (dsniff package) o Linux tool: Arpspoof o Linux Tool: Dnsspoof o Linux Tool: Dsniff o Linux Tool: Filesnarf o Linux Tool: Mailsnarf o Linux Tool: Msgsnarf o SMAC o NetSetMan Tool o Ntop o EtherApe o Network Probe o Maa Tec Network Analyzer o Tool: Snort o Tool: Windump “Rebecca” and “Jessica” o Tool: Etherpeek Office Workers o NetIntercept Types of Social Engineering o Colasoft EtherLook o Human-Based Social Engineering o AW Ports Traffic Analyzer · Technical Support Example o Colasoft Capsa Network Analyzer · More Social Engineering Examples o CommView · Human-Based Social Engineering: Eavesdropping o Sniffem o NetResident o IP Sniffer o Sniphere o IE HTTP Analyzer o BillSniff · Human-Based Social Engineering: Shoulder Surfing · Human-Based Social Engineering: Dumpster Diving · Dumpster Diving Example · Oracle Snoops Microsoft’s Trash Bins o URL Snooper · Movies to Watch for Reverse Engineering o EtherDetect Packet Sniffer o Computer Based Social Engineering o EffeTech HTTP Sniffer o Insider Attack o AnalogX Packetmon o Disgruntled Employee o Colasoft MSN Monitor o Preventing Insider Threat o IPgrab o Common Targets of Social Engineering o EtherScan Analyzer § Social Engineering Threats How to Detect Sniffing o Online Countermeasures o Telephone o Antisniff Tool o Personal approaches o Arpwatch Tool o Defenses Against Social Engineering Threats o PromiScan o proDETECT § Factors that make Companies Vulnerable to Attacks § Why is Social Engineering Effective
Module 11: Social Engineering § Warning Signs of an Attack What is Social Engineering? § Tool : Netcraft Anti-Phishing Toolbar Human Weakness § Phases in a Social Engineering Attack § Behaviors Vulnerable to Attacks o Client-side Vulnerabilities § Impact on the Organization o Deceptive Phishing § Countermeasures o Malware-Based Phishing § Policies and Procedures o DNS-Based Phishing § Security Policies - Checklist o Content-Injection Phishing § Impersonating Orkut, Facebook, MySpace o Search Engine Phishing § Orkut § Phishing Statistics: Feb’ 2008 § Impersonating on Orkut § Anti-Phishing § MW.Orc worm § Anti-Phishing Tools § Facebook o PhishTank SiteChecker § Impersonating on Facebook o NetCraft § MySpace o GFI MailEssentials § Impersonating on MySpace o SpoofGuard § How to Steal Identity o Phishing Sweeper Enterprise § Comparison o TrustWatch Toolbar § Original o ThreatFire § Identity Theft o GralicWrap § http://www.consumer.gov/idtheft/ o Spyware Doctor o Track Zapper Spyware-Adware Remover o AdwareInspector Module 12: Phishing o Email-Tag.com § Phishing § Introduction § Reasons for Successful Phishing Module 13: Hacking Email Accounts § Phishing Methods Ways for Getting Email Account Information § Process of Phishing Stealing Cookies § Types of Phishing Attacks Social Engineering o Man-in-the-Middle Attacks Password Phishing o URL Obfuscation Attacks Fraudulent e-mail Messages o Cross-site Scripting Attacks Vulnerabilities o Hidden Attacks o Web Email o Reaper Exploit DoS Attack Classification Tool: Advanced Stealth Email Redirector o Smurf Attack Tool: Mail PassView o Buffer Overflow Attack Tool: Email Password Recovery Master o Ping of Death Attack Tool: Mail Password o Teardrop Attack Email Finder
Pro o SYN Attack Email Spider Easy o SYN Flooding Kernel Hotmail MSN Password Recovery o DoS Attack Tools Retrieve Forgotten Yahoo Password o DoS Tool: Jolt2 MegaHackerZ o DoS Tool: Bubonic.c Hack Passwords o DoS Tool: Land and LaTierra Creating Strong Passwords o DoS Tool: Targa Creating Strong Passwords: Change Password o DoS Tool: Blast Creating Strong Passwords: Trouble Signing In o DoS Tool: Panther2 Sign-in Seal o DoS Tool: Crazy Pinger Alternate Email Address o DoS Tool: SomeTrouble Keep Me Signed In/ Remember Me o DoS Tool: UDP Flood Tool: Email Protector o DoS Tool: FSMax Tool: Email Security Bot (Derived from the Word RoBOT) Tool: EmailSanitizer Botnets Tool: Email Protector Uses of Botnets Tool: SuperSecret Types of Bots How Do They Infect? Analysis Of Agabot How Do They Infect Module 14: Denial-of-Service o DoS Tool: Nemesy Real World Scenario of DoS Attacks Tool: Nuclear Bot What are Denial-of-Service Attacks What is DDoS Attack Goal of DoS Characteristics of DDoS Attacks Impact and the Modes of Attack DDOS Unstoppable Types of Attacks Agent Handler Model DDoS IRC based Model Deflect Attacks DDoS Attack Taxonomy Post-attack Forensics Amplification Attack Packet Traceback Reflective DNS Attacks Reflective DNS Attacks Tool: ihateperl.pl DDoS Tools What is Session Hijacking?
o DDoS Tool: Trinoo Spoofing v Hijacking o DDoS Tool: Tribal Flood Network Steps in Session Hijacking o DDoS Tool: TFN2K Types of Session Hijacking o DDoS Tool: Stacheldraht Session Hijacking Levels o DDoS Tool: Shaft Network Level Hijacking o DDoS Tool: Trinity The 3-Way Handshake o DDoS Tool: Knight and Kaiten TCP Concepts 3-Way Handshake o DDoS Tool: Mstream Sequence Numbers Worms Sequence Number Prediction Slammer Worm TCP/IP hijacking Spread of Slammer Worm – 30 min IP Spoofing: Source Routed Packets MyDoom.B RST Hijacking SCO Against MyDoom Worm How to Conduct a DDoS Attack Blind Hijacking The Reflected DoS Attacks Man in the Middle: Packet Sniffer Reflection of the Exploit UDP Hijacking Countermeasures for Reflected DoS Application Level Hijacking DDoS Countermeasures Programs that Performs Session Hacking Taxonomy of DDoS Countermeasures o Juggernaut Preventing Secondary Victims o Hunt Detect and Neutralize Handlers o TTY-Watcher Detect Potential Attacks o IP watcher DoSHTTP Tool o Session Hijacking Tool: T-Sight Mitigate or Stop the Effects of DDoS Attacks o Remote TCP Session Reset Utility (SOLARWINDS) Module 15: Session Hijacking o RST Hijacking Tool: hijack_rst.sh o Paros HTTP Session Hijacking Tool o Tool: HttpZip o Dnshijacker Tool o Tool: LinkDeny o Hjksuite Tool o Tool: ServerDefender AI Dangers that hijacking Pose o Tool: ZipEnable Protecting against Session Hijacking o Tool: w3compiler Countermeasures: IPSec o Yersinia Module 16: Hacking Web Servers Tool: Metasploit Framework Tool: Immunity CANVAS Professional How Web Servers Work Tool: Core Impact How are Web Servers Compromised Tool: MPack Web Server Defacement Tool: Neosploit o How are Servers Defaced Hotfixes and Patches Apache Vulnerability What is Patch Management Attacks against IIS Patch Management Checklist o IIS Components o Solution: UpdateExpert o IIS
Directory Traversal (Unicode) Attack o Patch Management Tool: qfecheck Unicode o Patch Management Tool: HFNetChk o Unicode Directory Traversal Vulnerability o cacls.exe utility Hacking Tool o Shavlik NetChk Protect o Hacking Tool: IISxploit.exe o Kaseya Patch Management o Msw3prt IPP Vulnerability o IBM Tivoli Configuration Manager o RPC DCOM Vulnerability o LANDesk Patch Manager o ASP Trojan o BMC Patch Manager o IIS Logs o ConfigureSoft Enterprise Configuration Manager (ECM) o Network Tool: Log Analyzer o BladeLogic Configuration Manager o Hacking Tool: CleanIISLog o IIS Security Tool: Server Mask o Opsware Server Automation System (SAS) o ServerMask ip100 o Best Practices for Patch Management o Tool: CacheRight Vulnerability Scanners o Tool: CustomError Online Vulnerability Search Engine Network Tool: Whisker Network Tool: N-Stealth HTTP Vulnerability Scanner Hacking Tool: WebInspect Network Tool: Shadow Security Scanner Secure IIS o Countermeasures o Countermeasures Cryptographic Interception Cookie Snooping Authentication Hijacking o ServersCheck Monitoring o GFI Network Server Monitor o Servers Alive o Webserver Stress Tool o Monitoring Tool: Secunia PSI Countermeasures Increasing Web Server Security Web Server Protection Checklist Directory Traversal/Forceful Browsing o Countermeasures Log Tampering Error Message Interception Attack Obfuscation Platform Exploits DMZ Protocol Attacks o Countermeasures Security Management Exploits o Web Services Attacks Module 17: Web Application Vulnerabilities Web Application Setup Web application Hacking Anatomy of an Attack Web Application Threats Cross-Site Scripting/XSS Flaws o An Example of XSS o Countermeasures SQL Injection Command Injection Flaws o Zero-Day Attacks o Network Access Attacks TCP Fragmentation Hacking Tools o Instant Source o Wget o WebSleuth o BlackWidow o SiteScope Tool
o Countermeasures o WSDigger Tool – Web Services Testing Tool Cookie/Session Poisoning o CookieDigger Tool o Countermeasures o SSLDigger Tool Parameter/Form Tampering o SiteDigger Tool Hidden Field at o WindowBomb Buffer Overflow o Burp: Positioning Payloads o Burp: Configuring Payloads and Content Enumeration o RSA SecurID Token o Biometrics Authentication o Burp: Password Guessing · o Burp Proxy Fingerprint-based Identification o Burpsuite Hand Geometry- based Identification o Hacking Tool: cURL Retina Scanning o dotDefender Afghan Woman Recognized After 17 Years o Acunetix Web Scanner o AppScan – Web Application Scanner Face Recognition o AccessDiver Face Code: WebCam Based Biometrics Authentication System o Tool: Falcove Web Vulnerability Scanner o Tool: NetBrute o Tool: Emsa Web Monitor o Tool: KeepNI o Tool: Parosproxy o Tool: WebScarab o Tool: Watchfire AppScan o Tool: WebWatchBot o Tool: Mapper Module 18: Web-Based Password Cracking Techniques Authentication - Definition Authentication Mechanisms o HTTP Authentication · Basic Authentication · Digest Authentication Bill Gates at the RSA Conference 2006 How to Select a Good Password Things to Avoid in Passwords Changing Your Password Protecting Your Password Examples of Bad Passwords The “Mary Had A Little Lamb” Formula How Hackers Get Hold of Passwords Windows XP: Remove Saved Passwords What is a Password Cracker Modus Operandi of an Attacker Using a Password Cracker How Does a Password Cracker Work Attacks - Classification o Password Guessing o Query String o Cookies o Integrated Windows (NTLM) Authentication o Negotiate Authentication Types of Biometrics Authentication o Dictionary Maker Password Crackers Available o Certificate-based Authentication o L0phtCrack (LC4) o Forms-based Authentication o John the Ripper
o Brutus Module 19: SQL Injection o ObiWaN o Authforce o Hydra o Cain & Abel o RAR o Gammaprog o WebCracker o Munga Bunga o PassList o SnadBoy o MessenPass o Wireless WEP Key Password Spy o RockXP o Password Spectator Pro o Passwordstate o Atomic Mailbox Password Cracker o Advanced Mailbox Password Recovery (AMBPR) o Tool: Network Password Recovery o Tool: Mail PassView o Tool: Messenger Key o Tool: SniffPass o WebPassword o Password Administrator o Password Safe o Easy Web Password o PassReminder o My Password Manager Countermeasures What is SQL Injection Exploiting Web Applications Steps for performing SQL injection What You Should Look For What If It Doesn’t Take Input OLE DB Errors Input Validation Attack SQL injection Techniques How to Test for SQL Injection Vulnerability How Does It Work BadLogin.aspx.cs BadProductList.aspx.cs Executing Operating System Commands Getting Output of SQL Query Getting Data from the Database Using ODBC Error Message How to Mine all Column Names of a Table How to Retrieve any Data How to Update/Insert Data into Database SQL Injection in Oracle SQL Injection in MySql Database Attacking Against SQL Servers SQL Server Resolution Service (SSRS) Osql -L Probing SQL Injection Automated Tools Automated SQL Injection Tool: AutoMagic SQL Absinthe Automated SQL Injection Tool o Hacking Tool: SQLDict o Hacking Tool: SQLExec o SQL Server Password Auditing Tool: sqlbf § Wireless Concepts and Devices o Hacking Tool: SQLSmack o Related Technology and Carrier Networks o Hacking Tool: SQL2.exe o Antennas o sqlmap o Cantenna – www.cantenna.com o sqlninja o Wireless Access Points o SQLIer o SSID o Automagic SQL Injector o Beacon Frames o Absinthe o Is the SSID a Secret Blind SQL Injection o Setting up a WLAN o Blind SQL Injection: Countermeasure o
Authentication and Association o Blind SQL Injection Schema o Authentication Modes SQL Injection Countermeasures o The 802.1X Authentication Process Preventing SQL Injection Attacks § GoodLogin.aspx.cs o Wired Equivalent Privacy (WEP) SQL Injection Blocking Tool: SQL Block o WEP Issues Acunetix Web Vulnerability Scanner o WEP - Authentication Phase WEP and WPA o WEP - Shared Key Authentication Module 20: Hacking Wireless Networks o WEP - Association Phase § Introduction to Wireless o WEP Flaws o Introduction to Wireless Networking o What is WPA o Wired Network vs. Wireless Network o WPA Vulnerabilities o Effects of Wireless Attacks on Business o WEP, WPA, and WPA2 o Types of Wireless Network o WPA2 Wi-Fi Protected Access 2 o Advantages and Disadvantages of a Wireless Network § Wireless Standards o Wireless Standard: 802.11a § Attacks and Hacking Tools o Terminologies o WarChalking o Wireless Standard: 802.11b – “WiFi” o Authentication and (Dis) Association Attacks o Wireless Standard: 802.11g o WEP Attack o Wireless Standard: 802.11i o Cracking WEP o Wireless Standard: 802.11n o Weak Keys (a.k.a. 
Weak IVs) o Problems with WEP’s Key Stream and Reuse o Temporal Key Integrity Protocol (TKIP) o Automated WEP Crackers o LEAP: The Lightweight Extensible Authentication Protocol o Pad-Collection Attacks o LEAP Attacks o XOR Encryption o LEAP Attack Tool: ASLEAP o Stream Cipher o Working of ASLEAP o WEP Tool: Aircrack o MAC Sniffing and AP Spoofing o Aircrack-ng o Defeating MAC Address Filtering in Windows o WEP Tool: AirSnort o WEP Tool: WEPCrack o WEP Tool: WepLab o Attacking WPA Encrypted Networks o Attacking WEP with WEPCrack on Windows using Cygwin o Manually Changing the MAC Address in Windows XP and 2000 o Tool to Detect MAC Address Spoofing: Wellenreiter o Man-in-the-Middle Attack (MITM) o Denial-of-Service Attacks o Attacking WEP with WEPCrack on Windows using PERL Interpreter o DoS Attack Tool: Fatajack o Tool: Wepdecrypt o Hijacking and Modifying a Wireless Network o WPA-PSK Cracking Tool: CowPatty o Phone Jammers o 802.11 Specific Vulnerabilities o Phone Jammer: Mobile Blocker o Evil Twin: Attack o Pocket Cellular Style Cell Phone Jammer o Rogue Access Points o 2.4Ghz Wi-Fi & Wireless Camera Jammer o Tools to Generate Rogue Access Points: Fake AP o 3 Watt Digital Cell Phone Jammer o Tools to Detect Rogue Access Points: Netstumbler o Tools to Detect Rogue Access Points: MiniStumbler o 3 Watt Quad Band Digital Cellular Mobile Phone Jammer o 20W Quad Band Digital Cellular Mobile Phone Jammer o ClassicStumbler o 40W Digital Cellular Mobile Phone Jammer o AirFart o Detecting a Wireless Network o AP Radar § Scanning Tools o Hotspotter o Scanning Tool: Kismet o Cloaked Access Point o Scanning Tool: Prismstumbler o WarDriving Tool: shtumble o Scanning Tool: MacStumbler o Scanning Tool: Mognet V1.16 o
Step 1: Find Networks to Attack o Scanning Tool: WaveStumbler o Step 2: Choose the Network to Attack o Scanning Tool: Netchaser V1.0 for Palm Tops o Step 3: Analyzing the Network o Step 4: Cracking the WEP Key o Scanning Tool: AP Scanner o Step 5: Sniffing the Network o Scanning Tool: Wavemon § Wireless Security o Scanning Tool: Wireless Security Auditor (WSA) o WIDZ: Wireless Intrusion Detection System o Scanning Tool: AirTraf o Scanning Tool: WiFi Finder o Radius: Used as Additional Layer in Security o Scanning Tool: WifiScanner o Securing Wireless Networks o eEye Retina WiFI o Wireless Network Security Checklist o Simple Wireless Scanner o WLAN Security: Passphrase o wlanScanner o Don’ts in Wireless Security § Sniffing Tools § Wireless Security Tools o Sniffing Tool: AiroPeek o WLAN Diagnostic Tool: CommView for WiFi PPC o Sniffing Tool: NAI Wireless Sniffer o MAC Sniffing Tool: WireShark o WLAN Diagnostic Tool: AirMagnet Handheld Analyzer o Sniffing Tool: vxSniffer o Auditing Tool: BSD-Airtools o Sniffing Tool: Etherpeg o AirDefense Guard (www.AirDefense.com) o Sniffing Tool: Drifnet o Google Secure Access o Sniffing Tool: AirMagnet o Tool: RogueScanner o Sniffing Tool: WinDump o Sniffing Tool: Ssidsniff o Multiuse Tool: THC-RUT Module 21: Physical Security Security Facts Understanding Physical Security Physical Security What Is the Need for Physical Security o Microsoft Network Monitor Who Is Accountable for Physical Security § Hacking Wireless Networks Factors Affecting Physical Security o Steps for Hacking Wireless Networks Physical Security Checklist o Tool: WinPcap o Tool: AirPcap o AirPcap: Example Program from the Developer's Pack o Physical Security Checklist -Company surroundings o Gates o Security Guards o Physical Security Checklist: Premises o CCTV Cameras o Reception o Server Room o Workstation Area o Wireless Access
Point o Other Equipments o Access Control · Biometric Devices · Biometric Identification Techniques · Authentication Mechanisms Statistics for Stolen and Recovered Laptops Laptop Theft Laptop theft: Data Under Loss Laptop Security Tools Laptop Tracker - XTool Computer Tracker Tools to Locate Stolen Laptops Stop's Unique, Tamper-proof Patented Plate Tool: TrueCrypt Laptop Security Countermeasures Mantrap TEMPEST Challenges in Ensuring Physical Security Spyware Technologies Spying Devices Physical Security: Lock Down USB Ports · Authentication Mechanism Challenges: Biometrics Tool: DeviceLock · Faking Fingerprints Blocking the Use of USB Storage Devices · Smart cards Track Stick GPS Tracking Device · Security Token · Computer Equipment Maintenance · Wiretapping § Why Linux · Remote Access § Linux Distributions · Lapse of Physical Security § Linux Live CD-ROMs · Locks § Basic Commands of Linux: Files & Directories Module 22: Linux Hacking Lock Picking § Linux Basic Lock Picking Tools Information Security EPS (Electronic Physical Security) Wireless Security Laptop Theft Statistics for 2007 o Linux File Structure o Linux Networking Commands Directories in Linux Installing, Configuring, and Compiling Linux Kernel How to Install a Kernel Patch Linux Tool: IPTraf Compiling Programs in Linux Linux Tool: LIDS GCC Commands Hacking Tool: Hunt Make Files Tool: TCP Wrappers Make Install Command Linux Loadable Kernel Modules Linux Vulnerabilities Hacking Tool: Linux Rootkits Chrooting Rootkits: Knark & Torn Why is Linux Hacked Rootkits: Tuxit, Adore, Ramen How to Apply Patches to Vulnerable Programs Rootkit: Beastkit Rootkit Countermeasures Scanning Networks ‘chkrootkit’ detects the following Rootkits Nmap in Linux Linux Tools: Application Security Scanning Tool: Nessus Port Scan Detection Tools Advanced Intrusion Detection Environment (AIDE)
Password Cracking in Linux: Xcrack Linux Tools: Security Testing Tools Firewall in Linux: IPTables Linux Tools: Encryption IPTables Command Linux Tools: Log and Traffic Monitors Basic Linux Operating System Defense Linux Security Auditing Tool (LSAT) SARA (Security Auditor's Research Assistant) Linux Security Countermeasures Steps for Hardening Linux Linux Tool: Netcat Linux Tool: tcpdump Linux Tool: Snort Linux Tool: SAINT § Introduction to Intrusion Detection System Linux Tool: Wireshark § Terminologies Linux Tool: Abacus Port Sentry § Intrusion Detection System (IDS) Linux Tool: DSniff Collection o IDS Placement Linux Tool: Hping2 o Ways to Detect an Intrusion Linux Tool: Sniffit o Types of Intrusion Detection Systems Linux Tool: Nemesis o System Integrity Verifiers (SIVS) Linux Tool: LSOF o Tripwire Module 23: Evading IDS, Firewalls and Detecting Honey Pots o Cisco Security Agent (CSA) o Firewall Operations o True/False, Positive/Negative o Hardware Firewall o Signature Analysis o Software Firewall o General Indication of Intrusion: System Indications o Types of Firewall o General Indication of Intrusion: File System Indications o General Indication of Intrusion: Network Indications o Intrusion Detection Tools · Snort · Running Snort on Windows 2003 · Snort Console · Testing Snort · Configuring Snort (snort.conf) · Snort Rules · Set up Snort to Log to the Event Logs and to Run as a Service · Using EventTriggers.exe for Eventlog Notifications · SnortSam · Packet Filtering Firewall · IP Packet Filtering Firewall · Circuit-Level Gateway · TCP Packet Filtering Firewall · Application Level Firewall · Application Packet Filtering Firewall · Stateful Multilayer Inspection Firewall o Packet Filtering Firewall o Firewall Identification o Firewalking o Banner Grabbing o Breaching Firewalls o Bypassing a Firewall using HTTPTunnel o Placing
Backdoors through Firewalls o Hiding Behind a Covert Channel: LOKI o Steps to Perform after an IDS detects an attack o Tool: NCovert o Evading IDS Systems o ACK Tunneling · Ways to Evade IDS o Tools to breach firewalls · Tools to Evade IDS § Common Tool for Testing Firewall and IDS § IDS Evading Tool: ADMutate o IDS testing tool: IDS Informer § Packet Generators o IDS Testing Tool: Evasion Gateway § What is a Firewall? o What Does a Firewall Do o IDS Tool: Event Monitoring Enabling Responses to Anomalous Live Disturbances (Emerald) o Packet Filtering o IDS Tool: BlackICE o What can’t a firewall do o IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES) o How does a Firewall work o IDS Tool: SecureHost o IDS Tool: Snare o A Simple Uncontrolled Overflow of the Stack o IDS Testing Tool: Traffic IQ Professional o Stack Based Buffer Overflows o IDS Testing Tool: TCPOpera o IDS testing tool: Firewall Informer Types of Buffer Overflows: Heap-based Buffer Overflow o Atelier Web Firewall Tester o Heap Memory Buffer Overflow Bug § What is Honeypot?
o Heap-based Buffer Overflow o The Honeynet Project o Types of Honeypots § Low-interaction honeypot Understanding Assembly Language o Shellcode How to Detect Buffer Overflows in a Program § Medium-interaction honeypot o Attacking a Real Program § High-interaction honeypot § NOPs o Advantages and Disadvantages of a Honeypot § How to Mutate a Buffer Overflow Exploit § Once the Stack is Smashed o Where to place Honeypots o Honeypots · Honeypot-SPECTER · Honeypot - honeyd · Honeypot – KFSensor · Sebek Defense Against Buffer Overflows o Tool to Defend Buffer Overflow: Return Address Defender (RAD) o Tool to Defend Buffer Overflow: StackGuard o Tool to Defend Buffer Overflow: Immunix System o Physical and Virtual Honeypots o Vulnerability Search: NIST § Tools to Detect Honeypots § What to do when hacked o Valgrind o Insure++ Module 24: Buffer Overflows Buffer Overflow Protection Solution: Libsafe Why are Programs/Applications Vulnerable Buffer Overflows Reasons for Buffer Overflow Attacks Knowledge Required to Program Buffer Overflow Exploits Understanding Stacks Understanding Heaps § Introduction to Cryptography Types of Buffer Overflows: Stack-based Buffer Overflow § Classical Cryptographic Techniques o Comparing Functions of libc and Libsafe Simple Buffer Overflow in C o Code Analysis Module 25: Cryptography o Encryption o Cleversafe Grid Builder http://www.cleversafe.com/ o Decryption § Cryptographic Algorithms § PGP (Pretty Good Privacy) § RSA (Rivest Shamir Adleman) § CypherCalc o Example of RSA Algorithm § Command Line Scriptor o RSA Attacks § CryptoHeaven o RSA Challenge § Hacking Tool: PGP Crack § Data Encryption Standard (DES) § Magic Lantern o DES Overview § Advanced File Encryptor § RC4, RC5, RC6, Blowfish Encryption Engine Encrypt Files Encrypt PDF Encrypt Easy Encrypt my Folder Advanced HTML Encrypt and Password Protect § What
is SSH? Encrypt HTML source o SSH (Secure Shell) Alive File Encryption § Algorithms and Security Omziff § Disk Encryption ABC CHAOS § Government Access to Keys (GAK) EncryptOnClick § Digital Signature CryptoForge o Components of a Digital Signature SafeCryptor o Method of Digital Signature Technology CrypTool o Digital Signature Applications Microsoft Cryptography Tools o Digital Signature Standard Polar Crypto Light o Digital Signature Algorithm: Signature Generation/Verification CryptoSafe Crypt Edit CrypSecure o Challenges and Opportunities Cryptlib § Digital Certificates Crypto++ Library o RC5 § Message Digest Functions o One-way Hash Functions o MD5 § SHA (Secure Hash Algorithm) § SSL (Secure Sockets Layer) o Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme § Code Breaking: Methodologies § Denial-of-Service Emulation § Cryptanalysis § Pentest using Appscan § Cryptography Attacks § HackerShield § Brute-Force Attack § Pen-Test Using Cerberus Internet Scanner § Cracking S/MIME Encryption Using Idle CPU Time § Pen-Test Using Cybercop Scanner § distributed.net § Pen-Test Using FoundScan Hardware Appliances § Use Of Cryptography § Pen-Test Using Nessus § Pen-Test Using NetRecon Module 26: Penetration Testing § Pen-Test Using SAINT § Introduction to Penetration Testing (PT) § Pen-Test Using SecureNet Pro § Categories of security assessments § Pen-Test Using SecureScan § Vulnerability Assessment § Pen-Test Using SATAN, SARA and Security Analyzer § Limitations of Vulnerability Assessment § Penetration Testing § Types of Penetration Testing § Risk Management § Do-It-Yourself Testing § Outsourcing Penetration Testing Services § Pen-Test Using STAT Analyzer § Pentest Using VigilENT § Pentest Using WebInspect § Pentest Using CredDigger § Pentest Using Nsauditor § Terms of Engagement § Evaluating Different Types of Pen-Test Tools
§ Project Scope § Asset Audit § Pentest Service Level Agreements § Fault Tree and Attack Trees § Testing points § GAP Analysis § Testing Locations § Threat § Automated Testing § Business Impact of Threat § Manual Testing § Internal Metrics Threat § Using DNS Domain Name and IP Address Information § External Metrics Threat § Enumerating Information about Hosts on Publicly Available Networks § Calculating Relative Criticality § Test Dependencies § Testing Network-filtering Devices § Defect Tracking Tools: Bug Tracker Server § Enumerating Devices § Disk Replication Tools § DNS Zone Transfer Testing Tools § Pre-attack Phase § Network Auditing Tools § Best Practices § Trace Route Tools and Services § Results that can be Expected § Network Sniffing Tools § Passive Reconnaissance § Denial of Service Emulation Tools § Active Reconnaissance § Traditional Load Testing Tools § Attack Phase § System Software Assessment Tools o Activity: Perimeter Testing § Operating System Protection Tools o Activity: Web Application Testing § Fingerprinting Tools o Activity: Wireless Testing § Port Scanning Tools o Activity: Acquiring Target § Directory and File Access Control Tools o Activity: Escalating Privileges § File Share Scanning Tools o Activity: Execute, Implant and Retract § Password Directories § Post Attack Phase and Activities § Password Guessing Tools § Penetration Testing Deliverables Templates § Link Checking Tools § Web-Testing Based Scripting tools § Buffer Overflow protection Tools § File Encryption Tools § Database Assessment Tools § Keyboard Logging and Screen Reordering Tools § System Event Logging and Reviewing Tools Module 27: Covert Hacking § Insider Attacks § What is Covert Channel? § Security Breach § Why Do You Want to Use Covert Channel?
§ Motivation of a Firewall Bypass § Tripwire and Checksum Tools § Covert Channels Scope § Mobile-code Scanning Tools § Covert Channel: Attack Techniques § Centralized Security Monitoring Tools § Simple Covert Attacks § Web Log Analysis Tools § Advanced Covert Attacks § Forensic Data and Collection Tools § Standard Direct Connection § Security Assessment Tools § Reverse Shell (Reverse Telnet) § Multiple OS Management Tools § Direct Attack Example § Phases of Penetration Testing § In-Direct Attack Example § Reverse Connecting Agents · Example Directory Traversal Function § Covert Channel Attack Tools · “dot dot” Method o Netcat · Example Code for a “dot dot” Method o DNS Tunneling o Virus Infection: Step II o Covert Channel Using DNS Tunneling o Virus Infection: Step III o DNS Tunnel Client · o DNS Tunneling Countermeasures o Virus Infection: Step IV o Covert Channel Using SSH o Virus Infection: Step V o Covert Channel using SSH (Advanced) § Components of Viruses o HTTP/S Tunneling Attack o Functioning of Replicator part § Covert Channel Hacking Tool: Active Port Forwarder o Writing Replicator Marking a File for Infection o Writing Concealer § Covert Channel Hacking Tool: CCTT o Dispatcher § Covert Channel Hacking Tool: Firepass o Writing Bomb/Payload § Covert Channel Hacking Tool: MsnShell § Covert Channel Hacking Tool: Web Shell § Covert Channel Hacking Tool: NCovert o Ncovert - How it works · Trigger Mechanism · Bombs/Payloads · Brute Force Logic Bombs § Testing Virus Codes § Covert Channel Hacking via Spam E-mail Messages § Tips for Better Virus Writing § Hydan Module 28: Writing Virus Codes Module 29: Assembly Language Tutorial § Introduction of Virus Base 10 System § Types of Viruses Base 2 System § Symptoms of a Virus Attack Decimal 0 to 15 in Binary § Prerequisites for Writing Viruses Binary Addition (C stands for Canary) §
Required Tools and Utilities Hexadecimal Number § Virus Infection Flow Chart Hex Example o Virus Infection: Step I Hex Conversion · nibble Directory Traversal Method Computer memory Input and output Characters Coding C Interface ASCII and UNICODE Call CPU Creating a Program Machine Language Why should anyone learn assembly at all? Compilers Clock Cycle Assembling the code Original Registers Compiling the C code Instruction Pointer Linking the object files Pentium Processor Understanding an assembly listing file Interrupts Big and Little Endian Representation Interrupt handler Skeleton File External interrupts and Internal interrupts Working with Integers Handlers Signed integers Machine Language Signed Magnitude Assembly Language Two’s Complement Assembler If statements Assembly Language Vs High-level Language Do while loops Assembly Language Compilers Indirect addressing Instruction operands Subprogram MOV instruction The Stack ADD instruction The SS segment SUB instruction ESP INC and DEC instructions The Stack Usage Directive The CALL and RET Instructions preprocessor General subprogram form equ directive Local variables on the stack %define directive Data directives General subprogram form with local variables Labels Multi-module program Saving registers o First.asm Labels of functions o NASM Calculating addresses of local variables o GDB o objdump o ktrace Module 30: Exploit Writing Exploits Overview o strace Prerequisites for Writing Exploits and Shellcodes o readelf Purpose of Exploit Writing Types of Exploits Stack Overflow Heap Corruption Steps for Writing a Shellcode Issues Involved With Shellcode Writing o Addressing problem o Null byte problem o System call implementation o Format String o
Integer Bug Exploits o Race Condition o TCP/IP Attack The Proof-of-Concept and Commercial Grade Exploit Converting a Proof of Concept Exploit to Commercial Grade Exploit Attack Methodologies Socket Binding Exploits Tools for Exploit Writing o LibExploit o Metasploit o CANVAS Module 31: Smashing the Stack for Fun and Profit What is a Buffer? Static Vs Dynamic Variables Stack Buffers Data Region Memory Process Regions What Is A Stack? Why Do We Use A Stack? The Stack Region Stack frame Stack pointer Procedure Call (Procedure Prolog) Steps for Writing an Exploit Compiling the code to assembly Differences Between Windows and Linux Exploits Call Statement Shellcodes Return Address (RET) NULL Byte Word Size Types of Shellcodes Stack Tools Used for Shellcode Development Buffer Overflows Error Why do we get a segmentation violation? Segmentation Error Instruction Jump Guess Key Parameters Calculation Shell Code o The code to spawn a shell in C Lets try to understand what is going on here. We'll start by studying main: execve() o execve() system call exit.c o List of steps with exit call The code in Assembly JMP Code using indexed addressing Offset calculation shellcodeasm.c testsc.c Compile the code NULL byte shellcodeasm2.c testsc2.c Writing an Exploit overflow1.c Compiling the code sp.c vulnerable.c NOPs o Using NOPs o Estimating the Location Module 32: Windows Based Buffer Overflow Exploit Writing Buffer Overflow Stack overflow Writing Windows Based Exploits Exploiting stack based buffer overflow OpenDataSource Buffer Overflow Vulnerability Details Simple Proof of Concept Windbg.exe Analysis EIP Register o Location of EIP o EIP Execution Flow But where can we jump to?
Offset Address The Query Finding jmp esp Debug.exe listdlls.exe Msvcrt.dll Out.sql The payload ESP Limited Space Getting Windows API/function absolute address Memory Address Other Addresses Compile the program § Tool: LSW DotNet-Reflection-Browser Final Code § Tool: Reflector § Tool: Spices NET.Decompiler § Tool: Decompilers.NET Module 33: Reverse Engineering § .NET Obfuscator and .NET Obfuscation § Positive Applications of Reverse Engineering § Java Bytecode Decompilers § Ethical Reverse Engineering § Tool: JODE Java Decompiler § World War Case Study § Tool: JREVERSEPRO § DMCA Act § Tool: SourceAgain § What is Disassembler? § Tool: ClassCracker § Why do you need to decompile? § Python Decompilers § Professional Disassembler Tools § Reverse Engineering Tutorial § Tool: IDA Pro § OllyDbg Debugger § Convert Machine Code to Assembly Code § How Does OllyDbg Work? § Decompilers § Debugging a Simple Console Application § Program Obfuscation § Convert Assembly Code to C++ code § Machine Decompilers § Tool: dcc § Machine Code of compute.exe Program § Assembly Code of compute.exe Program Module 34: MAC OS X Hacking Introduction to MAC OS Vulnerabilities in MAC o Crafted URL Vulnerability o CoreText Uninitialized Pointer Vulnerability § Code Produced by the dcc Decompiler in C o ImageIO Integer overflow Vulnerability § Tool: Boomerang o DirectoryService Vulnerability § What Boomerang Can Do?
o iChat UPnP buffer overflow Vulnerability § Andromeda Decompiler o ImageIO Memory Corruption Vulnerability § Tool: REC Decompiler o Code Execution Vulnerability § Tool: EXE To C Decompiler o UFS filesystem integer overflow Vulnerability § Delphi Decompilers o Kernel "fpathconf()" System call Vulnerability § Tools for Decompiling .NET Applications o UserNotificationCenter Privilege Escalation Vulnerability § Salamander .NET Decompiler o Other Vulnerabilities in MAC How a Malformed Installer Package Can Crack Mac OS X Worm and Viruses in MAC o OSX/Leap-A o Inqtana.A o Macro Viruses Anti-Viruses in MAC o VirusBarrier o McAfee Virex for Macintosh o Endpoint Security and Control o Norton Internet Security Mac Security Tools o MacScan Types of Router Attacks Router Attack Topology Denial of Service (DoS) Attacks Packet “Mistreating” Attacks Routing Table Poisoning Hit-and-run Attacks vs.
Persistent Attacks Cisco Router o Finding a Cisco Router o How to Get into Cisco Router o Breaking the Password o Is Anyone Here o Looking Around o IPNetsentryx o FileGuard Countermeasures Module 35: Hacking Routers, cable Modems and Firewalls Network Devices Identifying a Router o Implications of a Router Attack o Covering Tracks o ClamXav SING: Tool for Identifying the Router Eigrp-tool Tool: Zebra Tool: Yersinia for HSRP, CDP, and other layer 2 attacks Tool: Cisco Torch Monitoring SMTP(port25) Using SLcheck Monitoring HTTP(port 80) Cable Modem Hacking o OneStep: ZUP HTTP Configuration Arbitrary Administrative Access Vulnerability www.bypassfirewalls.net ADMsnmp Waldo Beta 0.7 (b) Solarwinds MIB Browser Brute-Forcing Login Services Hydra Analyzing the Router Config Cracking the Enable Password Tool: Cain and Abel Module 36: Hacking Mobile Phones, PDA and Handheld Devices Different OS in Mobile Phone Different OS Structure in Mobile Phone Evolution of Mobile Threat Threats o Tool to Unlock iPhone: iPhoneSimFree What Can A Hacker Do o Tool to Unlock iPhone: anySIM Vulnerabilities in Different Mobile Phones o Steps for Unlocking your iPhone using AnySIM Malware Spyware o Activate the Voicemail Button on your Unlocked iPhone o Spyware: SymbOS/Htool-SMSSender.A.intd o Spyware: SymbOS/MultiDropper.CG o Best Practices against Malware Blackberry o Blackberry Attacks o Blackberry Attacks: Blackjacking o BlackBerry Wireless Security o BlackBerry Signing Authority Tool o Countermeasures PDA o PDA Security Issues o ActiveSync attacks o HotSync Attack o PDA Virus: Brador o PDA Security Tools: TigerSuite PDA o Security Policies for PDAs iPod o Misuse of iPod o Jailbreaking o Tools for jailbreaking: iFuntastic o Prerequisite for iPhone Hacking o Step by Step iPhone Hacking using iFuntastic o Podloso Virus o Security tool: Icon Lock-iT XP Mobile: 
Is It a Breach to Enterprise Security? o Threats to Organizations Due to Mobile Devices o Security Actions by Organizations Viruses o Skulls o Duts o Doomboot.A: Trojan Antivirus o Kaspersky Antivirus Mobile o Airscanner o BitDefender Mobile Security o SMobile VirusGuard o Symantec AntiVirus o F-Secure Antivirus for Palm OS o BullGuard Mobile Antivirus Security Tools o Sprite Terminator o Mobile Security Tools: Virus Scan Mobile Defending Cell Phones and PDAs Against Attack Mobile Phone Security Tips o Step by step iPhone Hacking o AppSnapp Steps for AppSnapp Module 37: Bluetooth Hacking Bluetooth Introduction Security Issues in Bluetooth o BlueSweep Security Attacks in Bluetooth Devices o Bluekey o Bluejacking o BlueFire Mobile Security Enterprise Edition o Tools for Bluejacking o BlueAuditor o BlueSpam o Bluetooth Network Scanner o Blue snarfing Countermeasures o BlueBug Attack o Short Pairing Code Attacks Module 38: VoIP Hacking o Man-In-Middle Attacks What is VoIP o OnLine PIN Cracking Attack VoIP Hacking Steps o BTKeylogging attack Footprinting o BTVoiceBugging attack o Information Sources o Blueprinting o Unearthing Information o Bluesmacking - The Ping of Death o Organizational Structure and Corporate Locations o Denial-of-Service Attack o Help Desk o BlueDump Attack o Job Listings Bluetooth hacking tools o Phone Numbers and Extensions o BTScanner o VoIP Vendors o Bluesnarfer o Resumes o Bluediving o WHOIS and DNS Analysis o Transient Bluetooth Environment Auditor o Steps to Perform Footprinting o BTcrack Scanning o Blooover o Host/Device Discovery o Hidattack o ICMP Ping Sweeps Bluetooth Viruses and Worms o ARP Pings o Cabir o TCP Ping Scans o Mabir o SNMP Sweeps o Lasco o Port Scanning and Service Discovery Bluetooth Security tools o BlueWatch o TCP SYN Scan o UDP Scan 
o Host/Device Identification Enumeration o Flooding Attacks o DNS Cache Poisoning o Steps to Perform Enumeration o Sniffing TFTP Configuration File Transfers o Banner Grabbing with Netcat o Performing Number Harvesting and Call Pattern Tracking o SIP User/Extension Enumeration REGISTER Username Enumeration INVITE Username Enumeration OPTIONS Username Enumeration Automated OPTIONS Scanning with sipsak Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP server o Call Eavesdropping o Interception through VoIP Signaling Manipulation o Man-In-The-Middle (MITM) Attack o Application-Level Interception Techniques How to Insert Rogue Application SIP Rogue Application Listening to/Recording Calls Replacing/Mixing Audio o Enumerating TFTP Servers Dropping Calls with a Rogue SIP Proxy o SNMP Enumeration Randomly Redirect Calls with a Rogue SIP Proxy Additional Attacks with a Rogue SIP Proxy Automated OPTIONS Scanning Using SIPSCAN against SIP Phones o Enumerating VxWorks VoIP Devices Steps to Exploit the Network o Denial-of-Service (DoS) o Distributed Denial-of-Service (DDoS) Attack o Internal Denial-of-Service Attack o DoS Attack Scenarios o What is Fuzzing Why Fuzzing Commercial VoIP Fuzzing tools o Signaling and Media Manipulation Registration Removal with erase_registrations Tool Registration Addition with add_registrations Tool o Eavesdropping o Packet Spoofing and Masquerading o Replay Attack o Call Redirection and Hijacking o ARP Spoofing o VoIP Phishing Covering Tracks o ARP Spoofing Attack o Service Interception o H.323-Specific Attacks o SIP Security Vulnerabilities o SIP Attacks Module 39: RFID Hacking § RFID- Definition § Components of RFID Systems § RFID Collisions RFID Risks o Business Process Risk o Technical Controls § RFID Security o 
Business Intelligence Risk o Privacy Risk o Externality Risk Module 40: Spamming Introduction Hazards of Electromagnetic Radiation Techniques used by Spammers Computer Network Attacks How Spamming is performed § RFID and Privacy Issues Spammer: Statistics § Countermeasures Worsen ISP: Statistics § RFID Security and Privacy Threats Top Spam Effected Countries: Statistics o Sniffing Types of Spam Attacks o Tracking Spamming Tools o Spoofing o Farelogic Worldcast o Replay attacks o 123 Hidden Sender o Denial-of-service o YL Mail Man § Protection Against RFID Attacks o Sendblaster § RFID Guardian o Direct Sender § RFID Malware o Hotmailer o How to Write an RFID Virus o PackPal Bulk Email Server o How to Write an RFID Worm o IEmailer o Defending Against RFID Malware Anti-Spam Techniques § RFID Exploits Anti- Spamming Tools § Vulnerabilities in RFID-enabled Credit Cards o AEVITA Stop SPAM Email o Skimming Attack o SpamExperts Desktop o Replay Attack o SpamEater Pro o Eavesdropping Attack o SpamWeasel § RFID Hacking Tool: RFDump o Spytech SpamAgent § RFID Security Controls o AntispamSniper o Management Controls o Spam Reader o Operational Controls o Spam Assassin Proxy (SA) Proxy o MailWasher Free o USB CopyNotify o Spam Bully o Remora USB File Guard Countermeasures o Advanced USB Pro Monitor o Folder Password Expert USB Module 41: Hacking USB Devices o USBlyzer § Introduction to USB Devices o USB PC Lock Pro § Electrical Attack o Torpark § Software Attack o Virus Chaser USB § USB Attack on Windows § Countermeasures § Viruses and Worms o W32/Madang-Fam Module 42: Hacking Database Servers o W32/Hasnot-A Hacking Database server: Introduction o W32/Fujacks-AK Hacking Oracle Database Server o W32/Fujacks-E o Attacking Oracle o W32/Dzan-C o Security Issues in Oracle o W32/SillyFD-AA o Types of Database Attacks o W32/SillyFDC-BK o How to Break 
into an Oracle Database and Gain DBA Privileges o W32/LiarVB-A o W32/Hairy-A o W32/QQRob-ADN o W32/VBAut-B o HTTP W32.Drom § Hacking Tools o USB Dumper o USB Switchblade o USB Hacksaw § USB Security Tools o MyUSBonly o USBDeview o USB-Blocker o Oracle Worm: Voyager Beta o Ten Hacker Tricks to Exploit SQL Server Systems Hacking SQL Server o How SQL Server is Hacked o Query Analyzer o odbcping Utility o Tool: ASPRunner Professional o Tool: FlexTracer Security Tools SQL Server Security Best Practices: Administrator Checklist § SQL Server Security Best Practices: Developer Checklist Introduction to Internet Filter o Key Features of Internet Filters o Pros and Cons of Internet Filters Internet Content Filtering Tools o iProtectYou o Tool: Block Porn o Tool: FilterGate o Tool: Adblock o Tool: AdSubtract o Tool: GalaxySpy o Tool: AdsGone Pop Up Killer o Tool: AntiPopUp o Tool: Pop Up Police o Tool: Super Ad Blocker o Tool: Anti-AD Guard o Net Nanny o CyberSieve o BSafe Internet Filter o Tool: Stop-the-Pop-Up Lite o Tool: WebCleaner o Tool: AdCleaner o Tool: Adult Photo Blanker o Tool: LiveMark Family § Table 1: How Websites Support Objectives of terrorist/Extremist Groups o Tool: KDT Site Blocker § Electronic Jihad o Internet Safety Guidelines for Children Module 43: Cyber Warfare- Hacking, Al-Qaida and Terrorism § Cyber Terrorism Over Internet § Cyber-Warfare Attacks § 45 Muslim Doctors Planned US Terror Raids § Net Attack § Al-Qaeda § Why Terrorists Use Cyber Techniques § Cyber Support to Terrorist Operations § Planning § Recruitment § Research § Propaganda § Propaganda: Hizballah Website § Cyber Threat to the Military § Russia ‘hired botnets’ for Estonia Cyber-War § NATO Threatens War with Russia § Bush on Cyber War: ‘a subject I can learn a lot about’ § E.U. 
Urged to Launch Coordinated Effort Against Cybercrime § Budget: Eye on Cyber-Terrorism Attacks § Cyber Terror Threat is Growing, Says Reid § Terror Web 2.0 § Electronic Jihad' App Offers Cyber Terrorism for the Masses § Cyber Jihad – Cyber Firesale § http://internet-haganah.com/haganah/ Module 45: Privacy on the Internet Internet privacy Proxy privacy Spyware privacy Module 44: Internet Content Filtering Techniques Email privacy o Max Internet Optimizer Cookies o Hotspot Shield Examining Information in Cookies o Anonymous Browsing Toolbar How Internet Cookies Work o Invisible Browsing How Google Stores Personal Information o Real Time Cleaner Google Privacy Policy o Anonymous Web Surfing Web Browsers o Anonymous Friend Web Bugs o Easy Hide IP Downloading Freeware Internet Relay Chat o Agnitum firewall Pros and Cons of Internet Relay Chat o Firestarter Electronic Commerce o Sunbelt Personal Firewall Internet Privacy Tools: Anonymizers o Netdefender Internet Privacy Tools: Firewall Tools o Anonymizer Anonymous Surfing o Anonymizer Total Net Shield o Privacy Eraser o Anonymizer Nyms o CookieCop o Anonymizer Anti-Spyware o Cookiepal o Anonymizer Digital Shredder Lite o Historykill o Steganos Internet Anonym o Tracks eraser o Invisible IP Map o NetConceal Anonymity Shield o Protecting Search Privacy o Anonymous Guest o Tips for Internet Privacy o ViewShield o IP Hider o Mask Surf Standard o VIP Anonymity Statistics for Stolen and Recovered Laptops o SmartHide Statistics on Security o Anonymity Gateway o Hide My IP Percentage of Organizations Following the Security Measures Claros Anonymity Laptop threats o Laptop Theft Internet Privacy Tools: Others Best Practices Counter measures Module 46: Securing Laptop Computers 
Fingerprint Reader Protecting Laptops Through Face Recognition Bluetooth in Laptops Tools o Laptop Security o Laptop Security Tools o Laptop Alarm o Flexysafe o Master Lock o eToken o STOP-Lock o True Crypt o PAL PC Tracker o Cryptex o Dekart Private Disk Multifactor o Laptop Anti-Theft o Inspice Trace o ZTRACE GOLD o SecureTrieve Pro o XTool Laptop Tracker o XTool Encrypted Disk o XTool Asset Auditor o XTool Remote Delete § Securing from Physical Laptop Thefts § Hardware Security for Laptops § Protecting the Sensitive Data § Preventing Laptop Communications from Wireless Threats Module 47: Spying Technologies § Spying § Motives of Spying § Spying Devices o Spying Using Cams o Video Spy o Video Spy Devices o Tiny Spy Video Cams o Underwater Video Camera o Camera Spy Devices o Goggle Spy o Watch Spy o Pen Spy o Binoculars Spy o Toy Spy o Spy Helicopter o Wireless Spy Camera o Spy Kit o Spy Scope: Spy Telescope and Microscope o Spy Eye Side Telescope o Audio Spy Devices o Eavesdropper Listening Device o GPS Devices o Spy Detectors o Spy Detector Devices § Vendors Hosting Spy Devices o Spy Gadgets § Protecting the Stolen Laptops from Being Used o Spy Tools Directory § Security Tips o Amazon.com o Spy Associates Techniques Used for Corporate Espionage o Paramountzone Process of Hacking o Surveillance Protection Former Forbes Employee Pleads Guilty § Spying Tools o Net Spy Pro-Computer Network Monitoring and Protection Former Employees Abet Stealing Trade Secrets California Man Sentenced For Hacking o SpyBoss Pro Federal Employee Sentenced for Hacking o CyberSpy Facts o Spytech SpyAgent Key Findings from U.S Secret Service and CERT Coordination Center/SEI study on Insider Threat Tools o ID Computer Spy o e-Surveiller o KGB Spy Software o NetVizor o O&K Work Spy o Privatefirewall w/Pest Patrol o WebCam Spy § Countermeasures 
o Golden Eye o Best Practices against Insider Threat § Anti-Spying Tools o Countermeasures o Internet Spy Filter o Spybot - S&D Module 49: Creating Security Policies o SpyCop Security policies o Spyware Terminator Key Elements of Security Policy o XoftSpySE Defining the Purpose and Goals of Security Policy Role of Security Policy Classification of Security Policy Module 48: Corporate Espionage- Hacking Using Insiders Introduction To Corporate Espionage Design of Security Policy Information Corporate Spies Seek Contents of Security Policy Insider Threat Configurations of Security Policy Different Categories of Insider Threat Implementing Security Policies Privileged Access Types of Security Policies Driving Force behind Insider Attack o Promiscuous Policy Common Attacks carried out by Insiders o Permissive Policy o Prudent Policy o Paranoid Policy o Acceptable-Use Policy Software Activation: Introduction o User-Account Policy o Process of Software Activation o Remote-Access Policy Piracy o Information-Protection Policy o Piracy Over Internet o Firewall-Management Policy o Abusive Copies o Special-Access Policy o Pirated Copies o Network-Connection Policy o Cracked Copies o Business-Partner Policy o Impacts of piracy o Other Important Policies o Software Piracy Rate in 2006 Policy Statements o Piracy Blocking Basic Document Set of Information Security Policies Software Copy Protection Backgrounders o E-mail Security Policy CD Key Numbers o Best Practices for Creating E-mail Security Policies Dongles o o Media Limited Installations o User Identification and Passwords Policy o Protected Media Software Security Policy o Hidden Serial Numbers Software License Policy o Digital Right Management (DRM) Points to Remember While Writing a Security Policy o Copy protection for DVD Warez Sample Policies o Warez o Remote Access Policy o Types of 
Warez o Warez Distribution o Distribution Methods Tool: Crypkey Tool: EnTrial EnTrial Tool: Distribution File EnTrial Tool: Product & Package Initialization Dialog EnTrial Tool: Add Package GUI o Wireless Security Policy o E-mail Security Policy o E-mail and Internet Usage Policies o Personal Computer Acceptable Use Policy o Firewall Management policy o Internet Acceptable Use Policy o User Identification and Password Policy o Software License Policy Module 50: Software Piracy and Warez Tool: DF_ProtectionKit § Example for Attacker to Attack the Feeds Tool: Crack Killer § Tools Tool: Logic Protect o Perseptio FeedAgent Tool: Software License Manager o RssFeedEater Tool: Quick License Manager o Thingamablog Tool: WTM CD Protect o RSS Builder Module 51: Hacking and Cheating Online Games o RSS Submit Online Games: Introduction o FeedDemon Basics of Game Hacking o FeedForAll Threats in Online Gaming o FeedExpress Cheating in Online Computer Games o RSS and Atom Security Types of Exploits Example of popular game exploits Module 53: Hacking Web Browsers (Firefox, IE) Stealing Online Game Passwords § Introduction o Stealing Online Game Passwords: Social Engineering and Phishing § How Web Browsers Work Online Gaming Malware from 1997-2007 Best Practices for Secure Online Gaming Tips for Secure Online Gaming § How Web Browsers Access HTML Documents § Protocols for an URL § Hacking Firefox Module 52: Hacking RSS and Atom o Firefox Proof of Concept Information Leak Vulnerability § Introduction o Firefox Spoofing Vulnerability § Areas Where RSS and Atom is Used o Password Vulnerability § Building a Feed Aggregator o Concerns With Saving Form Or Login Data § Routing Feeds to the Email Inbox o Cleaning Up Browsing History § Monitoring the Server with Feeds o Cookies § Tracking Changes in Open Source Projects o Internet History Viewer: Cookie Viewer 
§ Risks by Zone § Firefox Security o Remote Zone risk o Blocking Cookies Options o Local Zone Risk o Tools For Cleaning Unwanted Cookies § Reader Specific Risks o Tool: CookieCuller § Utilizing the Web Feeds Vulnerabilities o Getting Started o Privacy Settings o AutoFill o Security Settings o Security Features o Content Settings § Hacking Netscape o Clear Private Data o Netscape Navigator Improperly Validates SSL Sessions o Mozilla Firefox Security Features § Hacking Internet Explorer o Redirection Information Disclosure Vulnerability o Window Injection Vulnerability § Internet Explorer Security o Getting Started o Security Zones o Custom Level o Netscape Navigator Security Vulnerability § Securing Netscape o Getting Started o Privacy Settings o Security Settings o Content Settings o Clear Private Data o Trusted Sites Zone o Privacy o Overwrite Automatic Cookie Handling o Per Site Privacy Actions o Specify Default Applications o Internet Explorer Security Features § Hacking Opera o JavaScript Invalid Pointer Vulnerability o BitTorrent Header Parsing Vulnerability o Torrent File Handling Buffer Overflow Vulnerability § Security Features of Opera o Security and Privacy Features § Hacking Safari o Safari Browser Vulnerability o iPhone Safari Browser Memory Exhaustion Remote Dos Vulnerability Module 54: Proxy Server Technologies § Introduction: Proxy Server § Working of Proxy Server § Types of Proxy Server § Socks Proxy § Free Proxy Servers § Use of Proxies for Attack § Tools o WinGate o UserGate Proxy Server o Advanced FTP Proxy Server o Trilent FTP Proxy o SafeSquid o AllegroSurf o ezProxy § Securing Safari o Proxy Workbench o Getting started o ProxyManager Tool o Preferences o Super Proxy Helper Tool o 
MultiProxy o Imperva: SecureSphere § How Does MultiProxy Work o MailMarshal § TOR Proxy Chaining Software o WebMarshal § TOR Proxy Chaining Software o Marshal EndPoint § AnalogX Proxy o Novell ZENworks Endpoint Security Management § NetProxy o Prism EventTracker § Proxy+ o Proofpoint Messaging Security Gateway § ProxySwitcher Lite o Proofpoint Platform Architecture § Tool: JAP o Summary Dashboard § Proxomitron o End-user Safe/Block List § SSL Proxy Tool o Defiance Data Protection System § How to Run SSL Proxy o Sentrigo: Hedgehog o Symantec Database Security Module 55: Data Loss Prevention o Varonis: DataPrivilege § Introduction: Data Loss o Verdasys: Digital Guardian § Causes of Data Loss o VolumeShield AntiCopy § How to Prevent Data Loss o Websense Content Protection Suite § Impact Assessment for Data Loss Prevention § Tools o Security Platform o Check Point Software: Pointsec Data Security o Cisco (IronPort) o Content Inspection Appliance o CrossRoads Systems: DBProtector o Strongbox DBProtector Architecture o DeviceWall o Exeros Discovery o GFi Software: GFiEndPointSecurity o GuardianEdge Data Protection Platform o ProCurve Identity Driven Manager (IDM) Module 56: Hacking Global Positioning System (GPS) Geographical Positioning System (GPS) Terminologies GPS Devices Manufacturers Gpsd-GPS Service Daemon Sharing Waypoints Wardriving Areas of Concern Sources of GPS Signal Errors Methods to Mitigate Signal Loss GPS Secrets o GPS Hidden Secrets o Secret Startup Commands in Garmin o Category of Incidents: Low Level o Hard Reset/ Soft Reset o Category of Incidents: Mid Level Firmware Hacking o Category of Incidents: High Level o Firmware o How to Identify an Incident o Hacking GPS Firmware: Bypassing the Garmin eTrex Vista Startup Screen o How to Prevent an Incident o Hacking GPS Firmware: Bypassing the Garmin eTrex Legend Startup 
Screen o Hacking GPS Firmware: Bypassing the Garmin eTrex Venture Startup Screen GPS Tools o Tool: GPS NMEA LOG o Tool: GPS Diagnostic o Tool: RECSIM III o Tool: G7toWin o Tool: G7toCE o Tool: GPS Security Guard o GPS Security Guard Functions o UberTracker o Defining the Relationship between Incident Response, Incident Handling, and Incident Management o Incident Response Checklist o Handling Incidents o Procedure for Handling Incident · Stage 1: Preparation · Stage 2: Identification · Stage 3: Containment · Stage 4: Eradication · Stage 5: Recovery · Stage 6: Follow-up § Incident Management § Why don’t Organizations Report Computer Crimes § Estimating Cost of an Incident Module 57: Computer Forensics and Incident Handling § Whom to Report an Incident § Computer Forensics § Incident Reporting o What is Computer Forensics § Vulnerability Resources o Need for Computer Forensics § What is CSIRT o Objectives of Computer Forensics o CSIRT: Goals and Strategy o Stages of Forensic Investigation in Tracking Cyber Criminals o Why an Organization needs an Incident Response Team o Key Steps in Forensic Investigations o CSIRT Case Classification o List of Computer Forensics Tools o Types of Incidents and Level of Support § Incident Handling o Incident Specific Procedures-I (Virus and Worm Incidents) o Present Networking Scenario o Incident Specific Procedures-II (Hacker Incidents) o What is an Incident o Incident Specific Procedures-III (Social Incidents, Physical Incidents) o Credit Card Fraud Detection Technique: Pattern Detection o How CSIRT Handles Case: Steps o Credit Card Fraud Detection Technique: Fraud Screening o Example of CSIRT o Best Practices for Creating a CSIRT · Step 1: Obtain Management Support and Buy-in o XCART: Online fraud Screening Service o Card Watch o MaxMind Credit Card Fraud Detection · Step 2: Determine the CSIRT 
Development Strategic Plan · Step 3: Gather Relevant Information · Step 4: Design your CSIRT Vision · Step 5: Communicate the CSIRT Vision · Step 6: Begin CSIRT Implementation · Step 7: Announce the CSIRT § World CERTs http://www.trustedintroducer.nl/teams/country.html o 3D Secure o Limitations of 3D Secure o FraudLabs o www.pago.de o Pago Fraud Screening Process o What to do if you are a Victim of a Fraud o Facts to be Noted by Consumers § Best Practices: Ways to Protect Your Credit Cards § http://www.first.org/about/organization/teams/ § IRTs Around the World Module 58: Credit Card Frauds § E-Crime § Statistics § Credit Card o Credit Card Fraud o Credit Card Fraud o Credit Card Fraud Over Internet o Net Credit/Debit Card Fraud In The US After Gross Charge-Offs Module 59: How to Steal Passwords § Password Stealing § How to Steal Passwords § Password Stealing Techniques § Password Stealing Trojans o MSN Hotmail Password Stealer o AOL Password Stealer o Trojan-PSW.Win32.M2.14.a o CrazyBilets o Dripper o Fente o GWGhost § Credit Card Generators o Kesk o Credit Card Generator o MTM Recorded pwd Stealer o RockLegend’s !Credit Card Generator o Password Devil § Credit Card Fraud Detection § Password Stealing Tools o Password Thief o Remote Password Stealer o Symantec Enterprise Firewall o POP3 Email Password Finder o Kerio WinRoute Firewall o Instant Password Finder o Sunbelt Personal Firewall o MessenPass o Xeon Firewall o PstPassword o InJoy Firewall o Remote Desktop PassView o PC Tools Firewall Plus o IE PassView o Comodo Personal Firewall o Yahoo Messenger Password o ZoneAlarm § Recommendations for Improving Password Security § Best Practices § Linux Firewalls o KMyFirewall o Firestarter Module 60: Firewall Technologies o Guarddog § Firewalls: Introduction o Firewall Builder § Hardware Firewalls § Mac OS X Firewalls o Hardware Firewall 
o Flying Buttress o Netgear Firewall o DoorStop X Firewall o Personal Firewall Hardware: Linksys o Intego NetBarrier X5 o Personal Firewall Hardware: Cisco’s PIX o Little Snitch o Cisco PIX 501 Firewall o Cisco PIX 506E Firewall o Cisco PIX 515E Firewall Module 61: Threats and Countermeasures Domain Level Policies o CISCO PIX 525 Firewall o Account Policies o CISCO PIX 535 Firewall o Password Policy o Check Point Firewall o Password Policy o Nortel Switched Firewall o Password Policy - Policies § Software Firewalls Enforce Password History o Software Firewall o Enforce Password History - Vulnerability § Windows Firewalls o Enforce Password History - Countermeasure o Norton Personal Firewall o Enforce Password History - Potential Impact o McAfee Personal Firewall Maximum Password Age o Password Age - Vulnerability o Account Lockout Threshold - Vulnerability o Maximum Password Age - Countermeasure o Account Lockout Threshold - Countermeasure o Maximum Password Age - Potential Impact o Account Lockout Threshold - Potential Impact o Maximum Password Age Reset Account Lockout Counter After o Minimum Password Age Kerberos Policy o Minimum Password Age - Vulnerability o Kerberos Policy - Policies o Minimum Password Age - Countermeasure Enforce User Logon Restrictions o Minimum Password Age - Potential Impact Maximum Lifetime for Service Ticket o Minimum Password Age Minimum Password Length o Minimum Password Length - Vulnerability o Maximum Lifetime for User Ticket o Maximum Lifetime for User Ticket Renewal Maximum Tolerance for Computer Clock Synchronization Audit Policy o Minimum Password Length - Countermeasure o Minimum Password Length - Potential Impact o Minimum Password Length Passwords Must Meet Complexity Requirements o Passwords must Meet Complexity Requirements Vulnerability o Passwords must Meet Complexity Requirements 
Countermeasure o Passwords must Meet Complexity Requirements Potential Impact o Passwords must Meet Complexity Requirements Store Password using Reversible Encryption for all Users in the Domain Account Lockout Policy o Audit Settings o Audit Account Logon Events o Audit Account Management o Audit Directory Service Access o Audit Logon Events o Audit Object Access o Audit Policy Change o Audit Privilege Use o Audit Process Tracking o Audit System Events User Rights Access this Computer from the Network Account Lockout Duration Act as Part of the Operating System o Account Lockout Duration - Vulnerability Add Workstations to Domain o Account Lockout Duration - Countermeasure Adjust Memory Quotas for a Process o Account Lockout Duration - Potential Impact Allow Log On Locally o Account Lockout Duration Allow Log On through Terminal Services Back Up Files and Directories o Account Lockout Policy - Policies Account Lockout Threshold Bypass Traverse Checking Shut Down the System Change the System Time Synchronize Directory Service Data Create a Page File Take Ownership of Files or Other Objects Create a Token Object Security Options Create Global Objects Accounts: Administrator Account Status Create Permanent Shared Objects Debug Programs Deny Access to this Computer from the Network Deny Log On as a Batch Job Deny Log On as a Service Deny Log On Locally Deny Log On through Terminal Services Enable Computer and User Accounts to be Trusted for Delegation Force Shutdown from a Remote System Generate Security Audits Impersonate a Client after Authentication Increase Scheduling Priority Load and Unload Device Drivers Lock Pages in Memory Log On as a Batch Job Log On as a Service Manage Auditing and Security Log Modify Firmware Environment Values Perform Volume Maintenance Tasks Profile Single Process Profile System Performance Remove Computer 
from Docking Station Replace a Process Level Token Restore Files and Directories o Accounts: Administrator Account Status Vulnerability o Accounts: Administrator Account Status o Accounts: Guest Account Status o Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only o Accounts: Rename Administrator Account o Accounts: Rename Guest Account Audit: Audit the Access of Global System Objects o Audit: Audit the Use of Backup and Restore Privilege o Audit: Shut Down System Immediately if Unable to Log Security Audits DCOM: Machine Access/Launch Restrictions in Security Descriptor Definition Language (SDDL) o DCOM: Machine Access/Launch Restrictions in Security Descriptor Definition Language (SDDL) Devices: Allow Undock without having to Log On Devices: Allowed to Format and Eject Removable Media Devices: Prevent Users from Installing Printer Drivers Devices: Restrict CD-ROM/Floppy Access to Locally Logged-on User Only Devices: Restrict CD-ROM Access to Locally Logged-on User Only Devices: Unsigned Driver Installation Behavior Domain Controller: Allow Server Operators to Schedule Tasks Network Access: Do Not Allow Anonymous Enumeration of SAM Accounts Domain Controller: LDAP Server Signing Requirements Domain Controller: Refuse Machine Account Password Changes Network Access: Do Not Allow Storage of Credentials or .NET Passports for Network Authentication Domain Member: Digitally Encrypt or Sign Secure Channel Data Network Access: Let Everyone Permissions Apply to Anonymous Users Domain Member: Disable Machine Account Password Changes Network Access: Named Pipes that can be Accessed Anonymously Domain Member: Maximum Machine Account Password Age Network Access: Remotely Accessible Registry Paths Domain Member: Require Strong (Windows 2000 or Later) Session Key Network Access: Remotely Accessible Registry Paths and 
Sub-paths Interactive Logon: Do Not Display Last User Name Network Access: Restrict Anonymous Access to Named Pipes and Shares Interactive Logon: Do Not Require CTRL+ALT+DEL Network Access: Shares that can be Accessed Anonymously Interactive Logon: Message Text for Users Attempting to Log On Network Access: Sharing and Security Model for Local Accounts Network Security: Do Not Store LAN Manager Hash Value on Next Password Change Network Security: Force Logoff when Logon Hours Expire Network Security: LAN Manager Authentication Level Network Security: LDAP Client Signing Requirements Interactive Logon: Number of Previous Logons to Cache Interactive Logon: Prompt User to Change Password before Expiration Interactive Logon: Require Domain Controller Authentication to Unlock Workstation Interactive Logon: Require Smart Card Interactive Logon: Smart Card Removal Behavior Microsoft Network Client and Server: Digitally Sign Communications (Four Related Settings) Network Security: Minimum Session Security for NTLM SSP based (Including Secure RPC) Clients/Servers Microsoft Network Client: Send Unencrypted Password to Third-party SMB Servers Network Security: Minimum Session Security for NTLM SSP based (Including Secure RPC) Clients Microsoft Network Server: Amount of Idle Time Required before Suspending Session Recovery Console: Allow Automatic Administrative Logon Microsoft Network Server: Disconnect Clients when Logon Hours Expire Recovery Console: Allow Floppy Copy and Access to all Drives and all Folders Network Access: Allow Anonymous SID/Name Translation Shutdown: Allow System to be Shut Down Without Having to Log On Shutdown: Clear Virtual Memory Page File System Cryptography: Force Strong Key Protection for User Keys Stored on the Computer Client Service for NetWare ClipBook System Cryptography: Use FIPS Compliant Algorithms for 
Encryption, Hashing, and Signing Cluster Service COM+ Event System System Objects: Default Owner for Objects Created by Members of the Administrators Group COM+ System Application Computer Browser System Objects: Require Case Insensitivity for Non-Windows Subsystems Cryptographic Services DCOM Server Process Launcher DHCP Client DHCP Server Distributed File System Distributed Link Tracking Client Distributed Link Tracking Server Distributed Transaction Coordinator DNS Client o Retain Event Logs DNS Server o Retention Method for Event Log Error Reporting Service o Delegating Access to the Event Logs Event Log System Objects: Strengthen Default Permissions of Internal System Objects System Settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Event Log o Maximum Event Log Size o Prevent Local Guests Group from Accessing Event Logs System Services Fast User Switching Compatibility Services Overview Fax Service Do Not Set Permissions on Service Objects File Replication Manually Editing Security Templates File Server for Macintosh System Services - Alerter FTP Publishing Service Application Experience Lookup Service Help and Support Application Layer Gateway Service HTTP SSL Application Management Human Interface Device Access ASP .NET State Service IAS Jet Database Access Automatic Updates IIS Admin Service Background Intelligent Transfer Service (BITS) IMAPI CD-Burning COM Service Certificate Services Indexing Service ITPro Global ® 2009 www.itpro.net.vn Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected] Accredited Training Center Infrared Monitor Plug and Play Internet Authentication Service Portable Media Serial Number Intersite Messaging Print Server for Macintosh IP Version 6 Helper Service Print Spooler IPSec Policy Agent (IPSec Service) Protected Storage IPSec Services QoS RSVP Service Kerberos Key Distribution Center Remote Access Auto Connection Manager License Logging Service Logical Disk Manager o Logical 
Disk Manager Administrative Service Machine Debug Manager Message Queuing o Remote Access Connection Manager Remote Administration Service Help Session Manager o Remote Desktop Help Session Manager Remote Installation o Message Queuing Down Level Clients o Remote Procedure Call (RPC) o Message Queuing Triggers o Remote Procedure Call (RPC) Locator o Messenger o Remote Registry Service Microsoft POP3 Service o Remote Server Manager Microsoft Software Shadow Copy Provider o Remote Server Monitor MSSQL$UDDI o Remote Storage Notification MSSQLServerADHelper o Remote Storage Server .NET Framework Support Service Removable Storage Net Logon Resultant Set of Policy Provider NetMeeting Remote Desktop Sharing Routing and Remote Access Network Connections SAP Agent Network DDE Secondary Logon Network DDE DSDM Security Accounts Manager Network Location Awareness (NLA) Security Center Network Provisioning Service Server Network News Transfer Protocol (NNTP) Shell Hardware Detection NTLM Security Support Provider Simple Mail Transport Protocol (SMTP) Performance Logs and Alerts Simple TCP/IP Services ITPro Global ® 2009 www.itpro.net.vn Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected] Accredited Training Center Smart Card NetMeeting Special Administration Console Helper Disable Remote Desktop Sharing System Event Notification Internet Explorer Computer Settings System Restore Service Task Scheduler Disable Automatic Install of Internet Explorer Components TCP/IP NetBIOS Helper Service Disable Periodic Check for Internet Explorer Software Updates TCP/IP Print Server Telnet Disable Software Update Shell Notifications on Program Launch Terminal Services Make Proxy Settings Per-Machine (Rather than Per-User) Security Zones: Do Not Allow Users to Add/Delete Sites Turn off Crash Detection Do Not Allow Users to Enable or Disable Add-ons Internet Explorer\Internet Control Panel\Security Page Internet Explorer\Internet Control Panel\Advanced Page Allow Software to 
Run or Install Even if the Signature is Invalid Allow Active Content from CDs to Run on User Machines o Windows System Resource Manager Allow Third-party Browser Extensions o Windows Time Check for Server Certificate Revocation o Terminal Services Licensing o Terminal Services Session Directory Trivial FTP Daemon Uninterruptible Power Supply Upload Manager Virtual Disk Service WebClient Web Element Manager Windows Firewall /Internet Connection Sharing o Windows Installer WinHTTP Web Proxy Auto-Discovery Service Check for Signatures On Downloaded Programs Wireless Configuration Do Not Save Encrypted Pages to Disk Workstation Empty Temporary Internet Files Folder when Browser is Closed World Wide Web Publishing Service Internet Explorer\Security Features Software Restriction Policies Binary Behavior Security Restriction The Threat of Malicious Software MK Protocol Security Restriction Windows XP and Windows Server 2003 Administrative Templates Local Machine Zone Lockdown Security Computer Configuration Settings Consistent MIME Handling ITPro Global ® 2009 www.itpro.net.vn Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected] Accredited Training Center MIME Sniffing Safety Features Windows Update Scripted Window Security Restrictions Configure Automatic Updates Restrict ActiveX Install Restrict File Download Reschedule Automatic Updates Scheduled Installations Network Protocol Lockdown System Internet Information Services Turn off Autoplay Prevent IIS Installation Do Not Process The Run Once List Terminal Services Logon Deny Log Off of an Administrator Logged in to the Console Session Don't Display The Getting Started Welcome Screen At Logon Do Not Allow Local Administrators to Customize Permissions Do Not Process The Legacy Run List Group Policy Sets Rules for Remote Control of Terminal Services User Sessions Internet Explorer Maintenance Policy Processing Client/Server Data Redirection IP Security Policy Processing Allow Time Zone Redirection Registry 
Policy Processing Do Not Allow COM Port Redirection Security Policy Processing Do Not Allow Client Printer Redirection Error Reporting Do Not Allow LPT Port Redirection Display Error Notification Do Not Allow Drive Redirection Report Errors Encryption and Security Internet Communications Management Set Client Connection Encryption Level Distributed COM Always Prompt Client For A Password On Connection Browser Menus Disable Save This Program To Disk Option RPC Security Policy Attachment Manager Secure Server (Require Security) Inclusion List For High Risk File Types Sessions Inclusion List For Moderate Risk File Types Set Time Limit For Disconnected Sessions Inclusion List For Low File Types Allow Reconnection From Original Client Only Trust Logic For File Attachments Windows Explorer Hide Mechanisms To Remove Zone Information Turn Off Shell Protocol Protected Mode Windows Messenger Notify Antivirus Programs When Opening Attachments ITPro Global ® 2009 www.itpro.net.vn Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected] Accredited Training Center Windows Explorer Remove Security Tab System\Power Management Additional Registry Entries How to Modify the Security Configuration Editor User Interface TCP/IP-Related Registry Entries Disableipsourcerouting: IP Source Routing Protection Level (Protects Against Packet Spoofing) Enabledeadgwdetect: Allow Automatic Detection Of Dead Network Gateways (Could Lead To Dos) Enableicmpredirect: Allow ICMP Redirects To Override OSPF Generated Routes Keepalivetime: How Often Keep-alive Packets Are Sent In Milliseconds (300,000 Is Recommended) Synattackprotect: Syn Attack Protection Level (Protects Against Dos) Tcpmaxconnectresponseretransmissions: SYN-ACK Retransmissions When A Connection Request Is Not Acknowledged Tcpmaxdataretransmissions: How Many Times Unacknowledged Data Is Retransmitted (3 Recommended, 5 Is Default) Enable Safe DLL Search Order: Enable Safe DLL Search Mode (Recommended) Security Log Near 
Capacity Warning: Percentage Threshold for the Security Event Log at which the System will Generate a Warning Registry Entries Available In Windows XP With SP2 And Windows Server 2003 With SP1 RunInvalidSignatures Registry Entries Available in Windows XP with SP2 Security Center Registry Entries for XP StorageDevicePolicies\WriteProtect Registry Entries Available in Windows Server 2003 with SP1 UseBasicAuth DisableBasicOverClearChannel Additional Countermeasures Securing the Accounts NTFS Data and Application Segmentation Configure SNMP Community Name Miscellaneous Registry Entries Disable NetBIOS and SMB on Public Facing Interfaces Configure Automatic Reboot from System Crashes Disable Dr. Watson: Disable Automatic Execution of Dr. Watson System Debugger Enable Administrative Shares Configure IPsec Policies Disable Saving of Dial-Up Passwords Configuring Windows Firewall Hide the Computer from Network Neighborhood Browse Lists: Hide Computer From the Browse List Configure Netbios Name Release Security: Allow the Computer to Ignore Netbios Name Release Requests Except from WINS Servers ITPro Global ® 2009 www.itpro.net.vn Module 62: Case Studies Module 63: Botnets Module 64: Economic Espionage Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected] Accredited Training Center Module 65: Patch Management Module 66: Security Convergence Module 67: Identifying the Terrorist ITPro Global ® 2009 www.itpro.net.vn Tel: (84-4) 37875728 – Fax: (84-4) 37875729 Email: [email protected]