Accredited Training Center
Ethical Hacking and Countermeasures- v6
WHITE HAT HACKER - v6
Overview
The course gives students an interactive environment in which they are shown how to scan, test, hack
and secure their own systems. The intensive lab environment gives each student in-depth knowledge and
hands-on experience with the essential security systems currently in use. Students begin by understanding
how to defend, scan and attack networks. They then learn the methods intruders use to expand their scope
of influence and the steps that can be taken to secure a system. Students also learn about intrusion
detection, policy creation, DDoS attacks, buffer overflows and virus creation. After completing this
intensive 60-hour course, students will have solid knowledge and experience in Ethical Hacking. The course
provides the knowledge and prepares you for the CEH (EC-Council Certified Ethical Hacker) exam,
CEH 312-50.
Audience
The course is useful for staff responsible for controlling and ensuring network security, security
professionals, administrators, and anyone concerned about the integrity of the network infrastructure.
Duration
40 hours
Certification
This course provides students with the knowledge and skills needed to pass the CEH 312-50 exam.
After the course, students receive an EC-Council certificate of course completion. To obtain the
international CEH certification, students must pass the online CEH 312-50 exam at a Prometric
testing center.
Legal Agreement
The mission of the CEH program is to educate, introduce and provide hacking tools solely for
penetration testing purposes. Before attending this course, students must sign an agreement stating that
they will not use the newly learned skills for illegal or malicious attacks. Students will not use these
tools to harm any computer system, nor invoke EC-Council's name in using or misusing these tools, even
unintentionally.
Not everyone may take this program. EC-Council authorized training providers must ensure that
applicants work for legitimate companies or organizations.
ITPro Global ® 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Email: [email protected]
Course content – version 6
The CEHv6 program consists of classroom instruction and self-study. The instructor will provide details of the self-study modules
to students at the start of the course.
Module 1: Introduction to Ethical Hacking

Problem Definition -Why Security?

Essential Terminologies

Elements of Security

The Security, Functionality and Ease of Use
Triangle

Case Study

What does a Malicious Hacker do?
o Vulnerability Research Websites
National Vulnerability Database
(nvd.nist.gov)

Securitytracker (www.securitytracker.com)

Securiteam (www.securiteam.com)

Secunia (www.secunia.com)

Hackerstorm Vulnerability Database Tool
(www.hackerstrom.com)
o Phase2-Scanning

HackerWatch (www.hackerwatch.org)
o Phase3-Gaining Access

MILWORM
o Phase4-Maintaining Access

How to Conduct Ethical Hacking
o Phase5-Covering Tracks

How Do They Go About It
Types of Hacker Attacks

Approaches to Ethical Hacking
o Operating System attacks

Ethical Hacking Testing
o Application-level attacks

Ethical Hacking Deliverables
o Shrink Wrap code attacks

Computer Crimes and Implications
Reconnaissance Types

o Vulnerability Research Tools

o Phase1-Reconnaissance

o Why Hackers Need Vulnerability
Research
o Misconfiguration attacks

Hacktivism

Hacker Classes

Security News: Suicide Hacker

Ethical Hacker Classes

What do Ethical Hackers do

Can Hacking be Ethical

How to become an Ethical Hacker

Skill Profile of an Ethical Hacker

What is Vulnerability Research
Module 2: Hacking Laws
§ U.S. Securely Protect Yourself Against
Cyber Trespass Act (SPY ACT)
§ Legal Perspective (U.S. Federal Law)
o 18 U.S.C. § 1029

Penalties
o 18 U.S.C. § 1030

Penalties
o 18 U.S.C. § 1362

o 18 U.S.C. § 2318
§ France Laws
o 18 U.S.C. § 2320
§ German Laws
o 18 U.S.C. § 1831
§ Italian Laws
o 47 U.S.C. § 605, unauthorized publication
or use of communications
§ MALAYSIA: THE COMPUTER CRIMES
ACT 1997
o Washington:
§ HONGKONG: TELECOMMUNICATIONS
RCW 9A.52.110
§ Korea: ACT ON PROMOTION OF
INFORMATION AND COMMUNICATIONS
NETWORK UTILIZATION AND
INFORMATION PROTECTION, ETC.
o Florida:
§ 815.01 to 815.07
§ Greece Laws
o Indiana:

§ Denmark Laws
IC 35-43
§ Netherlands Laws
§ Federal Managers Financial Integrity Act
of 1982
§ Norway
§ The Freedom of Information Act 5 U.S.C. §
552
§ ORDINANCE
§ Mexico
§ Federal Information Security Management
Act (FISMA)
§ The Privacy Act Of 1974 5 U.S.C. § 552a
§ SWITZERLAND
Module 3: Footprinting
§ USA Patriot Act of 2001

Revisiting Reconnaissance
§ United Kingdom’s Cyber Laws

Defining Footprinting
§ United Kingdom: Police and Justice Act
2006

Why is Footprinting Necessary

Areas and Information which Attackers Seek

Information Gathering Methodology
§ European Laws
§ Japan’s Cyber Laws
§ Australia : The Cybercrime Act 2001
o Unearthing Initial Information
·
Finding Company’s URL
§ Indian Law: THE INFORMATION
TECHNOLOGY ACT
·
Internal URL
§ Argentina Laws
·
Extracting Archive of a Website
§ Germany’s Cyber Laws
§ www.archive.org
§ Singapore’s Cyber Laws
·
Google Search for Company’s Info
§ Belgium Law
·
People Search
§ Brazilian Laws
§ Yahoo People Search
§ Canadian Laws
§ Satellite Picture of a Residence
§ Best PeopleSearch
o Alchemy Network Tool
§ People-Search-America.com
o Advanced Administrative Tool
§ Switchboard
o My IP Suite
§ Anacubis
o Wikto Footprinting Tool
§ Google Finance
o Whois Lookup
§ Yahoo Finance
o Whois
·
Footprinting through Job Sites
o SmartWhois
·
Passive Information Gathering
o ActiveWhois
·
Competitive Intelligence Gathering
o LanWhois
§ Why Do You Need Competitive
Intelligence?
o CountryWhois
o WhereIsIP
§ Competitive Intelligence Resource
o Ip2country
§ Companies Providing Competitive
Intelligence Services
o CallerIP
§ Carratu International
o Web Data Extractor Tool
§ CI Center
o Online Whois Tools
§ Competitive Intelligence - When Did This
Company Begin? How Did It Develop?
o What is MyIP
o DNS Enumerator
§ Competitive Intelligence - Who Leads This
Company
o SpiderFoot
o Nslookup
§ Competitive Intelligence - What Are This
Company's Plans
§ Competitive Intelligence - What Does
Expert Opinion Say About The Company
§ Competitive Intelligence - Who Are The
Leading Competitors?
§ Competitive Intelligence Tool: Trellian
§ Competitive Intelligence Tool: Web
Investigator
·

Public and Private Websites
Footprinting Tools
o Sensepost Footprint Tools
o Big Brother
o BiLE Suite
o Extract DNS Information

Types of DNS Records

Necrosoft Advanced DIG
o Expired Domains
o DomainKing
o Domain Name Analyzer
o DomainInspect
o MSR Strider URL Tracer
o Mozzle Domain Name Pro
o Domain Research Tool (DRT)
o Domain Status Reporter
o Reggie

Faking Websites using Man-in-the-Middle
Phishing Kit

Benefits to Fraudster

Steps to Perform Footprinting
o Locate the Network Range
· ARIN
· Traceroute
§
Traceroute Analysis
· 3D Traceroute
Module 4: Google Hacking
§ What is Google hacking
· NeoTrace
§ What a hacker can do with vulnerable site
· VisualRoute Trace
§ Anonymity with Caches
· Path Analyzer Pro
§ Using Google as a Proxy Server
· Maltego
§ Directory Listings
· Layer Four Traceroute
o Locating Directory Listings
· Prefix WhoIs widget
o Finding Specific Directories
· Touchgraph
o Finding Specific Files
· VisualRoute Mail Tracker
o Server Versioning
· eMailTrackerPro

· Read Notify
§ Going Out on a Limb: Traversal
Techniques
E-Mail Spiders
o Directory Traversal
o 1st E-mail Address Spider
o Incremental Substitution
o Power E-mail Collector Tool
§ Extension Walking
o GEOSpider

Site Operator
o Geowhere Footprinting Tool

intitle:index.of
o Google Earth

error | warning
o Kartoo Search Engine

login | logon
o Dogpile (Meta Search Engine)

username | userid | employee.ID | “your
username is”

password | passcode | “your password is”

admin | administrator
o Tool: WebFerret
o robots.txt
o WTR - Web The Ripper
o admin login
o Website Watcher

Steps to Create Fake Login Pages

How to Create Fake Login Pages

–ext:html –ext:htm –ext:shtml –ext:asp –
ext:php

inurl:temp | inurl:tmp | inurl:backup | inurl:bak

intranet | help.desk
o Default Pages Query for Web Server

Locating Public Exploit Sites
o Outlook Web Access Default Portal
o Locating Exploits Via Common Code
Strings

Searching for Passwords
o Windows Registry Entries Can Reveal
Passwords

Searching for Exploit Code with Nonstandard
Extensions

Locating Source Code with Common Strings

Locating Vulnerable Targets

Google Hacking Database (GHDB)
o Locating Targets Via Demonstration
Pages

SiteDigger Tool
o Usernames, Cleartext Passwords, and
Hostnames!

Gooscan
“Powered by” Tags Are Common Query
Fodder for Finding Web Applications

Goolink Scanner
o Locating Targets Via Source Code

Goolag Scanner
Vulnerable Web Application Examples

Tool: Google Hacks
o Locating Targets Via CGI Scanning

Google Hack Honeypot

A Single CGI Scan-Style Query

Google Protocol

Directory Listings

Google Cartography


o Finding IIS 5.0 Servers

Module 5: Scanning
Web Server Software Error Messages

Scanning: Definition
o IIS HTTP/1.1 Error Page Titles

Types of Scanning
o “Object Not Found” Error Message Used
to Find IIS 5.0

Objectives of Scanning

CEH Scanning Methodology
o Apache Web Server

Apache 2.0 Error Pages
o Checking for live systems - ICMP
Scanning

Application Software Error Messages
·
Angry IP
o ASP Dumps Provide Dangerous Details
·
HPing2
o Many Errors Reveal Pathnames and
Filenames
·
Ping Sweep
·
Firewalk Tool
o CGI Environment Listings Reveal Lots of
Information
·
Firewalk Commands
Default Pages
·
Firewalk Output
o A Typical Apache Default Web Page
·
Nmap
o Locating Default Installations of IIS 4.0 on
Windows NT 4.0/OP
·
Nmap: Scan Methods
·
NMAP Scan Options

·
NMAP Output Format
·
TCP Communication Flags
·
Three Way Handshake
o Atelier Web Ports Traffic Analyzer
(AWPTA)
o Atelier Web Security Port Scanner
(AWSPS)
o Syn Stealth/Half Open Scan
o IPEye
o Stealth Scan
o ike-scan
o Xmas Scan
o Infiltrator Network Security Scanner
o Fin Scan
o YAPS: Yet Another Port Scanner
o Null Scan
o Advanced Port Scanner
o Idle Scan
o NetworkActiv Scanner
o ICMP Echo Scanning/List Scan
o NetGadgets
o TCP Connect/Full Open Scan
o P-Ping Tools
o FTP Bounce Scan
o MegaPing
·
o LanSpy
Ftp Bounce Attack
o SYN/FIN Scanning Using IP Fragments
o HoverIP
o UDP Scanning
o LANView
o Reverse Ident Scanning
o NetBruteScanner
o RPC Scan
o SolarWinds Engineer’s Toolset
o Window Scan
o AUTAPF
o Blaster Scan
o OstroSoft Internet Tools
o Portscan Plus, Strobe
o Advanced IP Scanner
o IPSec Scan
o Active Network Monitor
o Netscan Tools Pro
o Advanced Serial Data Logger
o WUPS – UDP Scanner
o Advanced Serial Port Monitor
o Superscan
o WotWeb
o IPScanner
o Antiy Ports
o Global Network Inventory Scanner
o Port Detective
o Net Tools Suite Pack
o Roadkil’s Detector
o Floppy Scan
o Portable Storage Explorer
o FloppyScan Steps
o E-mail Results of FloppyScan

War Dialer Technique
o Why War Dialing
o Wardialing
o Nessus
o Phonesweep – War Dialing Tool
o GFI Languard
o THC Scan
o Security Administrator’s Tool for
Analyzing Networks (SATAN)
o ToneLoc
o Retina
o ModemScan
o Nagios
o War Dialing Countermeasures: Sandtrap
Tool

o PacketTrap's pt360 Tool Suite
Banner Grabbing
o NIKTO
o OS Fingerprinting
§ SAFEsuite Internet Scanner,
IdentTCPScan
·
Active Stack Fingerprinting
·
Passive Fingerprinting

o Cheops
o Active Banner Grabbing Using Telnet
o Friendly Pinger
o GET REQUESTS
o LANsurveyor
o P0f – Banner Grabbing Tool
o Ipsonar
o p0f for Windows
o LANState
o Httprint Banner Grabbing Tool
§ Insightix Visibility
o Tool: Miart HTTP Header
§ IPCheck Server Monitor
o Tools for Active Stack Fingerprinting
·
Xprobe2
·
Ringv2
·
Netcraft
o Disabling or Changing Banner
o IIS Lockdown Tool
o Tool: ServerMask
o Hiding File Extensions
o Tool: PageXchanger

Vulnerability Scanning
o Bidiblah Automated Scanner
o Qualys Web Based Scanner
o SAINT
o ISS Security Scanner
Draw Network Diagrams of Vulnerable Hosts
§ PRTG Traffic Grapher

Preparing Proxies
o Proxy Servers
o Free Proxy Servers
o Use of Proxies for Attack
o SocksChain
o Proxy Workbench
o Proxymanager Tool
o Super Proxy Helper Tool
o Happy Browser Tool (Proxy Based)
o Multiproxy
o Tor Proxy Chaining Software
o Additional Proxy Tools
·
o Anonymizers
Despoof Tool
·
Surfing Anonymously

Scanning Countermeasures
·
Primedius Anonymizer

Tool: SentryPC
·
StealthSurfer
·
Anonymous Surfing: Browzar
·
Torpark Browser

Overview of System Hacking Cycle
·
GetAnonymous

What is Enumeration?
·
IP Privacy

Techniques for Enumeration
·
Anonymity 4 Proxy (A4Proxy)

NetBIOS Null Sessions
·
Psiphon
o So What's the Big Deal
·
Connectivity Using Psiphon
o DumpSec Tool
·
AnalogX Proxy
o NetBIOS Enumeration Using Netview
·
NetProxy
·
Nbtstat Enumeration Tool
·
Proxy+
·
SuperScan
·
ProxySwitcher Lite
·
Enum Tool
·
JAP
o Enumerating User Accounts
·
Proxomitron
·
Module 6: Enumeration
o Google Cookies
·
G-Zapper
GetAcct
o Null Session Countermeasure

PS Tools
o SSL Proxy Tool
o PsExec
o How to Run SSL Proxy
o PsFile
o HTTP Tunneling Techniques
o PsGetSid
·
Why Do I Need HTTP Tunneling
o PsKill
·
Httptunnel for Windows
o PsInfo
·
How to Run Httptunnel
o PsList
·
HTTP-Tunnel
o PsLogged On
·
HTTPort
o PsLogList
o Spoofing IP Address
o PsPasswd
·
Spoofing IP Address Using Source
Routing
o PsService
·
Detection of IP Spoofing
o PsShutdown

o PsSuspend
o Terminal Service Agent
Simple Network Management Protocol
(SNMP) Enumeration
o TXNDS
o Unicornscan
o Management Information Base (MIB)
o Amap
o SNMPutil Example
o SolarWinds
o SNScan
o Getif SNMP MIB Browser
o UNIX Enumeration
o SNMP UNIX Enumeration
o SNMP Enumeration Countermeasures
o LDAP enumeration
o JXplorer
o LdapMiner
o Softerra LDAP Browser
o NTP enumeration
o SMTP enumeration
o Netenum

Steps to Perform Enumeration
Module 7: System Hacking

Part 1- Cracking Password
o CEH hacking Cycle
o Password Types
o Types of Password Attack
·
·
Passive Online Attack: Man-in-the-middle and replay attacks
·
Active Online Attack: Password
Guessing
·
Pre-computed Hashes
o Web enumeration

Offline Attacks
Brute force Attack
o Smtpscan
o Asnumber
Passive Online Attack: Wire Sniffing
Syllable Attack/Rule-based Attack/ Hybrid
attacks
o Lynx
Distributed network Attack
Winfingerprint
Rainbow Attack
o Windows Active Directory Attack Tool
·
o How To Enumerate Web Application
Directories in IIS Using DirectoryServices
o Default Password Database

IP Tools Scanner

Enumerate Systems Using Default Password
§ Tools:
o NBTScan
o NetViewX
o FREENETENUMERATOR
Non-Technical Attacks
§ http://www.defaultpassword.com/
§ http://www.cirt.net/cgi-bin/passwd.pl
§ http://www.virus.org/index.php?
o PDF Password Cracker
o Abcom PDF Password Cracker
o Password Mitigation
o Permanent Account Lockout-Employee
Privilege Abuse
o Tool: LCP
o Tool: SID&User
o Administrator Password Guessing
·
o Tool: Ophcrack 2
Manual Password cracking Algorithm
o Tool: Crack
·
Automatic Password Cracking
Algorithm
o Tool: Access PassView
o Tool: Asterisk Logger
o Performing Automated Password
Guessing
·
o Tool: CHAOS Generator
Tool: NAT
o Tool: Asterisk Key
·
Smbbf (SMB Passive Brute Force
Tool)
·
SmbCrack Tool: Legion
·
Hacking Tool: L0phtCrack
o Password Recovery Tool: MS Access
Database Password Decoder
o Password Cracking Countermeasures
o Microsoft Authentication
o Do Not Store LAN Manager Hash in SAM
Database
·
o LM Hash Backward Compatibility
LM, NTLMv1, and NTLMv2
o How to Disable LM HASH
·
NTLM And LM Authentication On The
Wire
·
Kerberos Authentication
·
What is LAN Manager Hash?
LM “Hash” Generation
o Password Brute-Force Estimate Tool
o Syskey Utility
o AccountAudit

LM Hash
Part2-Escalating Privileges
o CEH Hacking Cycle
·
Salting
·
PWdump2 and Pwdump3
·
Tool: Rainbowcrack
·
Hacking Tool: KerbCrack
·
Hacking Tool: NBTDeputy
·
Change Recovery Console Password
- Method 1
·
NetBIOS DoS Attack
·
·
Hacking Tool: John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o SMB Replay Attacks
o Replay Attack Tool: SMBProxy
o Privilege Escalation
o Cracking NT/2000 passwords
o Active@ Password Changer
Change Recovery Console Password Method 2
o Privilege Escalation Tool: x.exe

Part3-Executing applications
o CEH Hacking Cycle
o Tool: psexec
o Tool: remoexec
o SMB Signing
o Ras N Map
o Stealth Website Logger
o Tool: Alchemy Remote Executor
o Digi Watcher Video Surveillance
o Emsa FlexInfo Pro
o Desktop Spy Screen Capture Program
o Keystroke Loggers
o Telephone Spy
o E-mail Keylogger
o Print Monitor Spy Tool
o Revealer Keylogger Pro
o Stealth E-Mail Redirector
o Handy Keylogger
o Spy Software: Wiretap Professional
o Ardamax Keylogger
o Spy Software: FlexiSpy
o Powered Keylogger
o PC PhoneHome
o Quick Keylogger
o Keylogger Countermeasures
o Spy-Keylogger
o Anti Keylogger
o Perfect Keylogger
o Advanced Anti Keylogger
o Invisible Keylogger
o Privacy Keyboard
o Actual Spy
o Spy Hunter - Spyware Remover
o Spytector FTP Keylogger
o Spy Sweeper
o IKS Software Keylogger
o Spyware Terminator
o Ghost Keylogger
o WinCleaner AntiSpyware
o Hacking Tool: Hardware Key Logger

Part4-Hiding files
o What is Spyware?
o CEH Hacking Cycle
o Spyware: Spector
o Hiding Files
o Remote Spy
o RootKits
o Spy Tech Spy Agent
·
Why rootkits
o 007 Spy Software
·
Hacking Tool: NT/2000 Rootkit
o Spy Buddy
·
Planting the NT/2000 Rootkit
o Ace Spy
·
Rootkits in Linux
o Keystroke Spy
·
Detecting Rootkits
o Activity Monitor
·
Steps for Detecting Rootkits
o Hacking Tool: eBlaster
·
Rootkit Detection Tools
o Stealth Voice Recorder
·
Sony Rootkit Case Study
o Stealth Keylogger
·
Rootkit: Fu
·
AFX Rootkit
·
Tool: Mp3Stego
·
Rootkit: Nuclear
·
Tool: Snow.exe
·
Rootkit: Vanquish
·
Steganography Tool: Fort Knox
·
Rootkit Countermeasures
·
Steganography Tool: Blindside
·
Patchfinder
·
Steganography Tool: S- Tools
·
RootkitRevealer
·
Steganography Tool: Steghide
o Creating Alternate Data Streams
·
Tool: Steganos
o How to Create NTFS Streams?
·
Steganography Tool: Pretty Good
Envelope
·
NTFS Stream Manipulation
·
NTFS Streams Countermeasures
·
Tool: Gifshuffle
·
Tool: JPHIDE and JPSEEK
·
Tool: wbStego
·
Tool: OutGuess
o What is Steganography?
·
Tool: Data Stash
·
·
Tool: Hydan
§ Least Significant Bit Insertion in Image files
·
Tool: Cloak
§ Process of Hiding Information in Image
Files
·
Tool: StegoNote
·
Tool: Stegomagic
·
Steganos Security Suite
·
C Steganography
·
Isosteg
·
FoxHole
·
Video Steganography
·
NTFS Stream Detectors (ADS Spy and
ADS Tools)
·
Hacking Tool: USB Dumper
Steganography Techniques
§ Masking and Filtering in Image files
§ Algorithms and transformation
·
Tool: Merge Streams
·
Invisible Folders
·
Tool: Invisible Secrets
·
Tool : Image Hide
·
Tool: Stealth Files
·
Tool: Steganography
·
Masker Steganography Tool
·
Hermetic Stego
·
Steganalysis Methods/Attacks on
Steganography
·
DCPP – Hide an Operating System
·
Stegdetect
·
Tool: Camera/Shy
·
SIDS
·
www.spammimic.com
·
High-Level View
·
Case Study: Al-Qaida members
Distributing Propaganda to Volunteers
using Steganography
·
Steganalysis

·
Tool: dskprobe.exe
o What do Trojan Creators Look for?
·
Stego Watch- Stego Detection Tool
·
StegSpy
o Different Ways a Trojan can Get into a
System
Part5-Covering Tracks
o CEH Hacking Cycle

Indications of a Trojan Attack

Ports Used by Trojans
o How to Determine which Ports are
Listening
o Covering Tracks
o Disabling Auditing

Trojans
o Clearing the Event Log
o Trojan: iCmd
o Tool: elsave.exe
o MoSucker Trojan
o Hacking Tool: Winzapper
o Proxy Server Trojan
o Evidence Eliminator
o SARS Trojan Notification
o Tool: Traceless
o Wrappers
o Tool: Tracks Eraser Pro
o Wrapper Covert Program
o Armor Tools
o Wrapping Tools
o Tool: ZeroTracks
o One Exe Maker / YAB / Pretator Wrappers
o PhatBooster
o Packaging Tool: WordPad
o RemoteByMail
Module 8: Trojans and Backdoors
o Tool: Icon Plus

Effect on Business
o Defacing Application: Restorator

What is a Trojan?
o Tetris
o Overt and Covert Channels
o HTTP Trojans
o Working of Trojans
o Trojan Attack through Http
o Different Types of Trojans
o HTTP Trojan (HTTP RAT)
§ Remote Access Trojans
o Shttpd Trojan - HTTP Server
§ Data-Sending Trojans
o Reverse Connecting Trojans
§ Destructive Trojans
o Nuclear RAT Trojan (Reverse Connecting)
§ Denial-of-Service (DoS) Attack Trojans
o Tool: BadLuck Destructive Trojan
§ Proxy Trojans
o ICMP Tunneling
§ FTP Trojans
o ICMP Backdoor Trojan
§ Security Software Disablers
o Microsoft Network Hacked by QAZ Trojan
o Backdoor.Theef (AVP)
o Skiddie Rat
o T2W (TrojanToWorm)
o Biohazard RAT
o Biorante RAT
o Troya
o DownTroj
o ProRat
o Turkojan
o Dark Girl
o Trojan.Satellite-RAT
o DaCryptic
o Yakoza
o Net-Devil
o DarkLabel B4

Classic Trojans Found in the Wild
o Trojan.Hav-Rat
o Trojan: Tini
o Poison Ivy
o Trojan: NetBus
o Rapid Hacker
o Trojan: Netcat
o SharK
o Netcat Client/Server
o HackerzRat
o Netcat Commands
o TYO
o Trojan: Beast
o 1337 Fun Trojan
o Trojan: Phatbot
o Criminal Rat Beta
o Trojan: Amitis
o VicSpy
o Trojan: Senna Spy
o Optix PRO
o Trojan: QAZ
o ProAgent
o Trojan: Back Orifice
o OD Client
o Trojan: Back Orifice 2000
o AceRat
o Back Orifice Plug-ins
o Mhacker-PS
o Trojan: SubSeven
o RubyRAT Public
o Trojan: CyberSpy Telnet Trojan
o SINner
o Trojan: Subroot Telnet Trojan
o ConsoleDevil
o Trojan: Let Me Rule! 2.0 BETA 9
o ZombieRat
o Trojan: Donald Dick
o FTP Trojan - TinyFTPD
o Trojan: RECUB
o VNC Trojan

Hacking Tool: Loki
o Webcam Trojan

Loki Countermeasures
o DJI RAT

Atelier Web Remote Commander

Trojan Horse Construction Kit

MD5 Checksum.exe

How to Detect Trojans?

Microsoft Windows Defender

How to Avoid a Trojan Infection
o Netstat
o fPort
o TCPView

Virus History
o CurrPorts Tool

Characteristics of Virus
o Process Viewer

Working of Virus
o Delete Suspicious Device Drivers
o Infection Phase
o Check for Running Processes: What’s on
My Computer
o Attack Phase
o Super System Helper Tool
o Inzider-Tracks Processes and Ports
o Tool: What’s Running
o MS Configuration Utility
o Registry- What’s Running
o Autoruns
o Hijack This (System Checker)
o Startup List

Module 9: Viruses and Worms

Why people create Computer Viruses

Symptoms of a Virus-like Attack

Virus Hoaxes

Chain Letters

How is a Worm Different from a Virus

Indications of a Virus Attack

Hardware Threats

Software Threats

Virus Damage
Anti-Trojan Software
§ TrojanHunter
§ Comodo BOClean
§ Trojan Remover: XoftspySE
§ Trojan Remover: Spyware Doctor
§ SPYWAREfighter
§ Mode of Virus Infection

Stages of Virus Life

Virus Classification

How Does a Virus Infect?

Storage Patterns of Virus
o System Sector virus

Evading Anti-Virus Techniques

Sample Code for Trojan Client/Server

Evading Anti-Trojan/Anti-Virus using Stealth
Tools
·
Self -Modification

Backdoor Countermeasures
·
Encryption with a Variable Key

Tripwire
o Polymorphic Code

System File Verification
o Metamorphic Virus
o Stealth Virus
o Bootable CD-Rom Virus
o Cavity Virus

What is Sheep Dip?
o Sparse Infector Virus

Virus Analysis – IDA Pro Tool
o Companion Virus

Prevention is better than Cure
o File Extension Virus

Anti-Virus Software

Famous Virus/Worms – I Love You Virus
o AVG Antivirus

Famous Virus/Worms – Melissa
o Norton Antivirus

Famous Virus/Worms – JS/Spth
o McAfee

Klez Virus Analysis
o SocketShield

Latest Viruses
o BitDefender

Top 10 Viruses- 2008
o ESET Nod32
o Virus: Win32.AutoRun.ah
o CA Anti-Virus
o Virus:W32/Virut
o F-Secure Anti-Virus
o Virus:W32/Divvi
o Kaspersky Anti-Virus
o Worm.SymbOS.Lasco.a
o F-Prot Antivirus
o Disk Killer
o Panda Antivirus Platinum
o Bad Boy
o avast! Virus Cleaner
o HappyBox
o ClamWin
o Java.StrangeBrew
o Norman Virus Control
o MonteCarlo Family

Popular Anti-Virus Packages
o PHP.Neworld

Virus Databases
o W32/WBoy.a
o ExeBug.d
Module 10: Sniffers
o W32/Voterai.worm.e

Definition - Sniffing
o W32/Lecivio.worm

Protocols Vulnerable to Sniffing
o W32/Lurka.a

Tool: Network View – Scans the Network for
Devices

The Dude Sniffer

Wireshark

Display Filters in Wireshark

Following the TCP Stream in Wireshark

Cain and Abel
o W32/Vora.worm!p2p

Writing a Simple Virus Program

Virus Construction Kits

Virus Detection Methods

Virus Incident Response

Tcpdump
o Linux Tool: Sshmitm

Tcpdump Commands
o Linux Tool: Tcpkill

Types of Sniffing
o Linux Tool: Tcpnice
o Passive Sniffing
o Linux Tool: Urlsnarf
o Active Sniffing
o Linux Tool: Webspy
What is ARP
o Linux Tool: Webmitm

o ARP Spoofing Attack
DNS Poisoning Techniques
o How does ARP Spoofing Work
o Intranet DNS Spoofing (Local Network)
o ARP Poisoning
o Internet DNS Spoofing (Remote Network)
o MAC Duplicating
o Proxy Server DNS Poisoning
o MAC Duplicating Attack
o DNS Cache Poisoning
o Tools for ARP Spoofing

Interactive TCP Relay
·
Ettercap

Interactive Replay Attacks
·
ArpSpyX

Raw Sniffing Tools

Features of Raw Sniffing Tools
o MAC Flooding
·


Tools for MAC Flooding
o HTTP Sniffer: EffeTech
Linux Tool: Macof
o Ace Password Sniffer
Windows Tool: Etherflood
o Win Sniffer
o Threats of ARP Poisoning
o MSN Sniffer
o Irs-Arp Attack Tool
o SmartSniff
o ARPWorks Tool
o Session Capture Sniffer: NetWitness
o Tool: Nemesis
o Session Capture Sniffer: NWreader
o IP-based sniffing
o Packet Crafter Craft Custom TCP/IP
Packets
Linux Sniffing Tools (dsniff package)
o Linux tool: Arpspoof
o Linux Tool: Dnsspoof
o Linux Tool: Dsniff
o Linux Tool: Filesnarf
o Linux Tool: Mailsnarf
o Linux Tool: Msgsnarf
o SMAC
o NetSetMan Tool
o Ntop
o EtherApe
o Network Probe
o Maa Tec Network Analyzer
o Tool: Snort
o Tool: Windump

“Rebecca” and “Jessica”
o Tool: Etherpeek

Office Workers
o NetIntercept

Types of Social Engineering
o Colasoft EtherLook
o Human-Based Social Engineering
o AW Ports Traffic Analyzer
·
Technical Support Example
o Colasoft Capsa Network Analyzer
·
More Social Engineering Examples
o CommView
·
Human-Based Social Engineering:
Eavesdropping
o Sniffem
o NetResident
o IP Sniffer
o Sniphere
o IE HTTP Analyzer
o BillSniff
·
Human-Based Social Engineering:
Shoulder Surfing
·
Human-Based Social Engineering:
Dumpster Diving
·
Dumpster Diving Example
·
Oracle Snoops Microsoft’s Trash Bins
o URL Snooper
·
Movies to Watch for Reverse
Engineering
o EtherDetect Packet Sniffer
o Computer Based Social Engineering
o EffeTech HTTP Sniffer
o Insider Attack
o AnalogX Packetmon
o Disgruntled Employee
o Colasoft MSN Monitor
o Preventing Insider Threat
o IPgrab
o Common Targets of Social Engineering
o EtherScan Analyzer
§ Social Engineering Threats

How to Detect Sniffing
o Online

Countermeasures
o Telephone
o Antisniff Tool
o Personal approaches
o Arpwatch Tool
o Defenses Against Social Engineering
Threats
o PromiScan
o proDETECT
§ Factors that make Companies Vulnerable
to Attacks
§ Why is Social Engineering Effective
Module 11: Social Engineering
§ Warning Signs of an Attack

What is Social Engineering?
§ Tool : Netcraft Anti-Phishing Toolbar

Human Weakness
§ Phases in a Social Engineering Attack
§ Behaviors Vulnerable to Attacks
o Client-side Vulnerabilities
§ Impact on the Organization
o Deceptive Phishing
§ Countermeasures
o Malware-Based Phishing
§ Policies and Procedures
o DNS-Based Phishing
§ Security Policies - Checklist
o Content-Injection Phishing
§ Impersonating Orkut, Facebook, MySpace
o Search Engine Phishing
§ Orkut
§ Phishing Statistics: Feb’ 2008
§ Impersonating on Orkut
§ Anti-Phishing
§ MW.Orc worm
§ Anti-Phishing Tools
§ Facebook
o PhishTank SiteChecker
§ Impersonating on Facebook
o NetCraft
§ MySpace
o GFI MailEssentials
§ Impersonating on MySpace
o SpoofGuard
§ How to Steal Identity
o Phishing Sweeper Enterprise
§ Comparison
o TrustWatch Toolbar
§ Original
o ThreatFire
§ Identity Theft
o GralicWrap
§ http://www.consumer.gov/idtheft/
o Spyware Doctor
o Track Zapper Spyware-Adware Remover
o AdwareInspector
Module 12: Phishing
o Email-Tag.com
§ Phishing
§ Introduction
§ Reasons for Successful Phishing
Module 13: Hacking Email Accounts
§ Phishing Methods

Ways for Getting Email Account Information
§ Process of Phishing

Stealing Cookies
§ Types of Phishing Attacks

Social Engineering
o Man-in-the-Middle Attacks

Password Phishing
o URL Obfuscation Attacks

Fraudulent e-mail Messages
o Cross-site Scripting Attacks

Vulnerabilities
o Hidden Attacks
o
Web Email
o
Reaper Exploit

DoS Attack Classification

Tool: Advanced Stealth Email Redirector
o Smurf Attack

Tool: Mail PassView
o Buffer Overflow Attack

Tool: Email Password Recovery Master
o Ping of Death Attack

Tool: Mail Password
o Teardrop Attack

Email Finder Pro
o SYN Attack

Email Spider Easy
o SYN Flooding

Kernel Hotmail MSN Password Recovery
o DoS Attack Tools

Retrieve Forgotten Yahoo Password
o DoS Tool: Jolt2

MegaHackerZ
o DoS Tool: Bubonic.c

Hack Passwords
o DoS Tool: Land and LaTierra

Creating Strong Passwords
o DoS Tool: Targa

Creating Strong Passwords: Change Password
o DoS Tool: Blast

Creating Strong Passwords: Trouble Signing In
o DoS Tool: Panther2

Sign-in Seal
o DoS Tool: Crazy Pinger

Alternate Email Address
o DoS Tool: SomeTrouble

Keep Me Signed In/ Remember Me
o DoS Tool: UDP Flood

Tool: Email Protector
o DoS Tool: FSMax

Tool: Email Security

Bot (Derived from the Word RoBOT)

Tool: EmailSanitizer

Botnets

Tool: Email Protector

Uses of Botnets

Tool: SuperSecret

Types of Bots

How Do They Infect? Analysis Of Agabot

How Do They Infect
Module 14: Denial-of-Service
o DoS Tool: Nemesy

Real World Scenario of DoS Attacks

Tool: Nuclear Bot

What are Denial-of-Service Attacks

What is DDoS Attack

Goal of DoS

Characteristics of DDoS Attacks

Impact and the Modes of Attack

DDOS Unstoppable

Types of Attacks

Agent Handler Model

DDoS IRC based Model

Deflect Attacks

DDoS Attack Taxonomy

Post-attack Forensics

Amplification Attack

Packet Traceback

Reflective DNS Attacks

Reflective DNS Attacks Tool: ihateperl.pl

DDoS Tools

What is Session Hijacking?
o DDoS Tool: Trinoo

Spoofing v Hijacking
o DDoS Tool: Tribal Flood Network

Steps in Session Hijacking
o DDoS Tool: TFN2K

Types of Session Hijacking
o DDoS Tool: Stacheldraht

Session Hijacking Levels
o DDoS Tool: Shaft

Network Level Hijacking
o DDoS Tool: Trinity

The 3-Way Handshake
o DDoS Tool: Knight and Kaiten

TCP Concepts 3-Way Handshake
o DDoS Tool: Mstream

Sequence Numbers

Worms

Sequence Number Prediction

Slammer Worm

TCP/IP hijacking

Spread of Slammer Worm – 30 min

IP Spoofing: Source Routed Packets

MyDoom.B

RST Hijacking

SCO Against MyDoom Worm

How to Conduct a DDoS Attack

Blind Hijacking

The Reflected DoS Attacks

Man in the Middle: Packet Sniffer

Reflection of the Exploit

UDP Hijacking

Countermeasures for Reflected DoS

Application Level Hijacking

DDoS Countermeasures

Programs that Perform Session Hacking

Taxonomy of DDoS Countermeasures
o Juggernaut

Preventing Secondary Victims
o Hunt

Detect and Neutralize Handlers
o TTY-Watcher

Detect Potential Attacks
o IP watcher

DoSHTTP Tool
o Session Hijacking Tool: T-Sight

Mitigate or Stop the Effects of DDoS Attacks
o Remote TCP Session Reset Utility
(SOLARWINDS)
Module 15: Session Hijacking
o RST Hijacking Tool: hijack_rst.sh
o Paros HTTP Session Hijacking Tool
o Tool: HttpZip
o Dnshijacker Tool
o Tool: LinkDeny
o Hjksuite Tool
o Tool: ServerDefender AI

Dangers that Hijacking Poses
o Tool: ZipEnable

Protecting against Session Hijacking
o Tool: w3compiler

Countermeasures: IPSec
o Yersinia
Module 16: Hacking Web Servers

Tool: Metasploit Framework

Tool: Immunity CANVAS Professional

How Web Servers Work

Tool: Core Impact

How are Web Servers Compromised

Tool: MPack

Web Server Defacement

Tool: Neosploit
o How are Servers Defaced

Hotfixes and Patches

Apache Vulnerability

What is Patch Management

Attacks against IIS

Patch Management Checklist


o IIS Components
o Solution: UpdateExpert
o IIS Directory Traversal (Unicode) Attack
o Patch Management Tool: qfecheck
Unicode
o Patch Management Tool: HFNetChk
o Unicode Directory Traversal Vulnerability
o cacls.exe utility
Hacking Tool
o Shavlik NetChk Protect
o Hacking Tool: IISxploit.exe
o Kaseya Patch Management
o Msw3prt IPP Vulnerability
o IBM Tivoli Configuration Manager
o RPC DCOM Vulnerability
o LANDesk Patch Manager
o ASP Trojan
o BMC Patch Manager
o IIS Logs
o ConfigureSoft Enterprise Configuration
Manager (ECM)
o Network Tool: Log Analyzer
o BladeLogic Configuration Manager
o Hacking Tool: CleanIISLog
o IIS Security Tool: Server Mask
o Opsware Server Automation System
(SAS)
o ServerMask ip100
o Best Practices for Patch Management
o Tool: CacheRight

Vulnerability Scanners
o Tool: CustomError

Online Vulnerability Search Engine

Network Tool: Whisker

Network Tool: N-Stealth HTTP Vulnerability
Scanner

Hacking Tool: WebInspect

Network Tool: Shadow Security Scanner

Secure IIS
o Countermeasures

o Countermeasures

Cryptographic Interception

Cookie Snooping

Authentication Hijacking
o ServersCheck Monitoring
o GFI Network Server Monitor
o Servers Alive
o Webserver Stress Tool
o Monitoring Tool: Secunia PSI

Countermeasures

Increasing Web Server Security

Web Server Protection Checklist
Directory Traversal/Forceful Browsing
o Countermeasures

Log Tampering

Error Message Interception

Attack Obfuscation

Platform Exploits

DMZ Protocol Attacks
o Countermeasures

Security Management Exploits
o Web Services Attacks
Module 17: Web Application Vulnerabilities

Web Application Setup

Web application Hacking

Anatomy of an Attack

Web Application Threats

Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures

SQL Injection

Command Injection Flaws
o Zero-Day Attacks
o Network Access Attacks

TCP Fragmentation

Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o SiteScope Tool
o Countermeasures
o WSDigger Tool – Web Services Testing
Tool
Cookie/Session Poisoning
o CookieDigger Tool
o Countermeasures
o SSLDigger Tool

Parameter/Form Tampering
o SiteDigger Tool

Hidden Field at
o WindowBomb

Buffer Overflow
o Burp: Positioning Payloads

o Burp: Configuring Payloads and Content
Enumeration
o RSA SecurID Token
o Biometrics Authentication
o Burp: Password Guessing
·
o Burp Proxy
Fingerprint-based Identification
o Burpsuite
Hand Geometry- based Identification
o Hacking Tool: cURL
Retina Scanning
o dotDefender
Afghan Woman Recognized After 17
Years
o Acunetix Web Scanner
o AppScan – Web Application Scanner
Face Recognition
o AccessDiver
Face Code: WebCam Based Biometrics
Authentication System
o Tool: Falcove Web Vulnerability Scanner
o Tool: NetBrute
o Tool: Emsa Web Monitor
o Tool: KeepNI
o Tool: Parosproxy
o Tool: WebScarab
o Tool: Watchfire AppScan
o Tool: WebWatchBot
o Tool: Mapper
Module 18: Web-Based Password Cracking
Techniques

Authentication - Definition

Authentication Mechanisms
o HTTP Authentication
· Basic Authentication
· Digest Authentication

Bill Gates at the RSA Conference 2006

How to Select a Good Password

Things to Avoid in Passwords

Changing Your Password

Protecting Your Password

Examples of Bad Passwords

The “Mary Had A Little Lamb” Formula

How Hackers Get Hold of Passwords

Windows XP: Remove Saved Passwords

What is a Password Cracker

Modus Operandi of an Attacker Using a
Password Cracker

How Does a Password Cracker Work

Attacks - Classification
o Password Guessing
o Query String
o Cookies
o Integrated Windows (NTLM)
Authentication
o Negotiate Authentication
Types of Biometrics Authentication
o Dictionary Maker

Password Crackers Available
o Certificate-based Authentication
o L0phtCrack (LC4)
o Forms-based Authentication
o John the Ripper
o Brutus
Module 19: SQL Injection
o ObiWaN
o Authforce
o Hydra
o Cain & Abel
o RAR
o Gammaprog
o WebCracker
o Munga Bunga
o PassList
o SnadBoy
o MessenPass
o Wireless WEP Key Password Spy
o RockXP
o Password Spectator Pro
o Passwordstate
o Atomic Mailbox Password Cracker
o Advanced Mailbox Password Recovery
(AMBPR)
o Tool: Network Password Recovery
o Tool: Mail PassView
o Tool: Messenger Key
o Tool: SniffPass
o WebPassword
o Password Administrator
o Password Safe
o Easy Web Password
o PassReminder
o My Password Manager

Countermeasures

What is SQL Injection

Exploiting Web Applications

Steps for performing SQL injection

What You Should Look For

What If It Doesn’t Take Input

OLE DB Errors

Input Validation Attack

SQL injection Techniques

How to Test for SQL Injection Vulnerability

How Does It Work

BadLogin.aspx.cs

BadProductList.aspx.cs

Executing Operating System Commands

Getting Output of SQL Query

Getting Data from the Database Using ODBC
Error Message

How to Mine all Column Names of a Table

How to Retrieve any Data

How to Update/Insert Data into Database

SQL Injection in Oracle

SQL Injection in MySQL Database

Attacking Against SQL Servers

SQL Server Resolution Service (SSRS)

Osql -L Probing

SQL Injection Automated Tools

Automated SQL Injection Tool: AutoMagic
SQL

Absinthe Automated SQL Injection Tool
o Hacking Tool: SQLDict
o Hacking Tool: SQLExec
o SQL Server Password Auditing Tool: sqlbf
§ Wireless Concepts and Devices
o Hacking Tool: SQLSmack
o Related Technology and Carrier Networks
o Hacking Tool: SQL2.exe
o Antennas
o sqlmap
o Cantenna – www.cantenna.com
o sqlninja
o Wireless Access Points
o SQLIer
o SSID
o Automagic SQL Injector
o Beacon Frames
o Absinthe
o Is the SSID a Secret
Blind SQL Injection
o Setting up a WLAN
o Blind SQL Injection: Countermeasure
o Authentication and Association
o Blind SQL Injection Schema
o Authentication Modes

SQL Injection Countermeasures
o The 802.1X Authentication Process

Preventing SQL Injection Attacks
§

GoodLogin.aspx.cs
o Wired Equivalent Privacy (WEP)

SQL Injection Blocking Tool: SQL Block
o WEP Issues

Acunetix Web Vulnerability Scanner
o WEP - Authentication Phase

WEP and WPA
o WEP - Shared Key Authentication
Module 20: Hacking Wireless Networks
o WEP - Association Phase
§ Introduction to Wireless
o WEP Flaws
o Introduction to Wireless Networking
o What is WPA
o Wired Network vs. Wireless Network
o WPA Vulnerabilities
o Effects of Wireless Attacks on Business
o WEP, WPA, and WPA2
o Types of Wireless Network
o WPA2 Wi-Fi Protected Access 2
o Advantages and Disadvantages of a
Wireless Network
§ Wireless Standards
o Wireless Standard: 802.11a
§ Attacks and Hacking Tools
o Terminologies
o WarChalking
o Wireless Standard: 802.11b – “WiFi”
o Authentication and (Dis) Association
Attacks
o Wireless Standard: 802.11g
o WEP Attack
o Wireless Standard: 802.11i
o Cracking WEP
o Wireless Standard: 802.11n
o Weak Keys (a.k.a. Weak IVs)
o Problems with WEP’s Key Stream and
Reuse
o Temporal Key Integrity Protocol (TKIP)
o Automated WEP Crackers
o LEAP: The Lightweight Extensible
Authentication Protocol
o Pad-Collection Attacks
o LEAP Attacks
o XOR Encryption
o LEAP Attack Tool: ASLEAP
o Stream Cipher
o Working of ASLEAP
o WEP Tool: Aircrack
o MAC Sniffing and AP Spoofing
o Aircrack-ng
o Defeating MAC Address Filtering in
Windows
o WEP Tool: AirSnort
o WEP Tool: WEPCrack
o WEP Tool: WepLab
o Attacking WPA Encrypted Networks
o Attacking WEP with WEPCrack on
Windows using Cygwin
o Manually Changing the MAC Address in
Windows XP and 2000
o Tool to Detect MAC Address Spoofing:
Wellenreiter
o Man-in-the-Middle Attack (MITM)
o Denial-of-Service Attacks
o Attacking WEP with WEPCrack on
Windows using PERL Interpreter
o DoS Attack Tool: Fatajack
o Tool: Wepdecrypt
o Hijacking and Modifying a Wireless
Network
o WPA-PSK Cracking Tool: CowPatty
o Phone Jammers
o 802.11 Specific Vulnerabilities
o Phone Jammer: Mobile Blocker
o Evil Twin: Attack
o Pocket Cellular Style Cell Phone Jammer
o Rogue Access Points
o 2.4GHz Wi-Fi & Wireless Camera Jammer
o Tools to Generate Rogue Access Points:
Fake AP
o 3 Watt Digital Cell Phone Jammer
o Tools to Detect Rogue Access Points:
Netstumbler
o Tools to Detect Rogue Access Points:
MiniStumbler
o 3 Watt Quad Band Digital Cellular Mobile
Phone Jammer
o 20W Quad Band Digital Cellular Mobile
Phone Jammer
o ClassicStumbler
o 40W Digital Cellular Mobile Phone
Jammer
o AirFart
o Detecting a Wireless Network
o AP Radar
§ Scanning Tools
o Hotspotter
o Scanning Tool: Kismet
o Cloaked Access Point
o Scanning Tool: Prismstumbler
o WarDriving Tool: shtumble
o Scanning Tool: MacStumbler
o Scanning Tool: Mognet V1.16
o Step 1: Find Networks to Attack
o Scanning Tool: WaveStumbler
o Step 2: Choose the Network to Attack
o Scanning Tool: Netchaser V1.0 for Palm
Tops
o Step 3: Analyzing the Network
o Step 4: Cracking the WEP Key
o Scanning Tool: AP Scanner
o Step 5: Sniffing the Network
o Scanning Tool: Wavemon
§ Wireless Security
o Scanning Tool: Wireless Security Auditor
(WSA)
o WIDZ: Wireless Intrusion Detection
System
o Scanning Tool: AirTraf
o Scanning Tool: WiFi Finder
o Radius: Used as Additional Layer in
Security
o Scanning Tool: WifiScanner
o Securing Wireless Networks
o eEye Retina WiFi
o Wireless Network Security Checklist
o Simple Wireless Scanner
o WLAN Security: Passphrase
o wlanScanner
o Don’ts in Wireless Security
§ Sniffing Tools
§ Wireless Security Tools
o Sniffing Tool: AiroPeek
o WLAN Diagnostic Tool: CommView for
WiFi PPC
o Sniffing Tool: NAI Wireless Sniffer
o MAC Sniffing Tool: WireShark
o WLAN Diagnostic Tool: AirMagnet
Handheld Analyzer
o Sniffing Tool: vxSniffer
o Auditing Tool: BSD-Airtools
o Sniffing Tool: Etherpeg
o AirDefense Guard
(www.AirDefense.com)
o Sniffing Tool: Driftnet
o Google Secure Access
o Sniffing Tool: AirMagnet
o Tool: RogueScanner
o Sniffing Tool: WinDump
o Sniffing Tool: Ssidsniff
o Multiuse Tool: THC-RUT
Module 21: Physical Security

Security Facts

Understanding Physical Security

Physical Security

What Is the Need for Physical Security
o Microsoft Network Monitor

Who Is Accountable for Physical Security
§ Hacking Wireless Networks

Factors Affecting Physical Security
o Steps for Hacking Wireless Networks

Physical Security Checklist
o Tool: WinPcap
o Tool: AirPcap
o AirPcap: Example Program from the
Developer's Pack
o Physical Security Checklist -Company
surroundings
o Gates
o Security Guards
o Physical Security Checklist: Premises
o CCTV Cameras
o Reception
o Server Room
o Workstation Area
o Wireless Access Point
o Other Equipment
o Access Control
· Biometric Devices
· Biometric Identification Techniques
· Authentication Mechanisms

Statistics for Stolen and Recovered Laptops

Laptop Theft

Laptop theft: Data Under Loss

Laptop Security Tools

Laptop Tracker - XTool Computer Tracker

Tools to Locate Stolen Laptops

Stop's Unique, Tamper-proof Patented Plate

Tool: TrueCrypt

Laptop Security Countermeasures

Mantrap

TEMPEST

Challenges in Ensuring Physical Security

Spyware Technologies

Spying Devices

Physical Security: Lock Down USB Ports
·
Authentication Mechanism Challenges:
Biometrics

Tool: DeviceLock
·
Faking Fingerprints

Blocking the Use of USB Storage Devices
·
Smart cards

Track Stick GPS Tracking Device
·
Security Token
·
Computer Equipment Maintenance
·
Wiretapping
§ Why Linux
·
Remote Access
§ Linux Distributions
·
Lapse of Physical Security
§ Linux Live CD-ROMs
·
Locks
§ Basic Commands of Linux: Files &
Directories
Module 22: Linux Hacking
Lock Picking
§ Linux Basic
Lock Picking Tools

Information Security

EPS (Electronic Physical Security)

Wireless Security

Laptop Theft Statistics for 2007
o Linux File Structure
o Linux Networking Commands

Directories in Linux

Installing, Configuring, and Compiling Linux
Kernel

How to Install a Kernel Patch

Linux Tool: IPTraf

Compiling Programs in Linux

Linux Tool: LIDS

GCC Commands

Hacking Tool: Hunt

Make Files

Tool: TCP Wrappers

Make Install Command

Linux Loadable Kernel Modules

Linux Vulnerabilities

Hacking Tool: Linux Rootkits

Chrooting

Rootkits: Knark & Torn

Why is Linux Hacked

Rootkits: Tuxit, Adore, Ramen

How to Apply Patches to Vulnerable
Programs

Rootkit: Beastkit

Rootkit Countermeasures

Scanning Networks

‘chkrootkit’ detects the following Rootkits

Nmap in Linux

Linux Tools: Application Security

Scanning Tool: Nessus


Port Scan Detection Tools
Advanced Intrusion Detection Environment
(AIDE)

Password Cracking in Linux: Xcrack

Linux Tools: Security Testing Tools

Firewall in Linux: IPTables

Linux Tools: Encryption

IPTables Command

Linux Tools: Log and Traffic Monitors

Basic Linux Operating System Defense

Linux Security Auditing Tool (LSAT)

SARA (Security Auditor's Research
Assistant)

Linux Security Countermeasures

Steps for Hardening Linux

Linux Tool: Netcat

Linux Tool: tcpdump

Linux Tool: Snort

Linux Tool: SAINT
§ Introduction to Intrusion Detection System

Linux Tool: Wireshark
§ Terminologies

Linux Tool: Abacus Port Sentry
§ Intrusion Detection System (IDS)

Linux Tool: DSniff Collection
o IDS Placement

Linux Tool: Hping2
o Ways to Detect an Intrusion

Linux Tool: Sniffit
o Types of Intrusion Detection Systems

Linux Tool: Nemesis
o System Integrity Verifiers (SIVS)

Linux Tool: LSOF
o Tripwire
Module 23: Evading IDS, Firewalls and Detecting
Honey Pots
o Cisco Security Agent (CSA)
o Firewall Operations
o True/False, Positive/Negative
o Hardware Firewall
o Signature Analysis
o Software Firewall
o General Indication of Intrusion: System
Indications
o Types of Firewall
o General Indication of Intrusion: File
System Indications
o General Indication of Intrusion: Network
Indications
o Intrusion Detection Tools
· Snort
· Running Snort on Windows 2003
· Snort Console
· Testing Snort
· Configuring Snort (snort.conf)
· Snort Rules
· Set up Snort to Log to the Event Logs and to Run as a Service
· Using EventTriggers.exe for Eventlog Notifications
· SnortSam
· Packet Filtering Firewall
· IP Packet Filtering Firewall
· Circuit-Level Gateway
· TCP Packet Filtering Firewall
· Application Level Firewall
· Application Packet Filtering Firewall
· Stateful Multilayer Inspection Firewall
o Packet Filtering Firewall
o Firewall Identification
o Firewalking
o Banner Grabbing
o Breaching Firewalls
o Bypassing a Firewall using HTTPTunnel
o Placing Backdoors through Firewalls
o Hiding Behind a Covert Channel: LOKI
o Steps to Perform after an IDS detects an
attack
o Tool: NCovert
o Evading IDS Systems
o ACK Tunneling
·
Ways to Evade IDS
o Tools to breach firewalls
·
Tools to Evade IDS
§ Common Tool for Testing Firewall and IDS
§ IDS Evading Tool: ADMutate
o IDS testing tool: IDS Informer
§ Packet Generators
o IDS Testing Tool: Evasion Gateway
§ What is a Firewall?
o What Does a Firewall Do
o IDS Tool: Event Monitoring Enabling
Responses to Anomalous Live Disturbances
(Emerald)
o Packet Filtering
o IDS Tool: BlackICE
o What can’t a firewall do
o IDS Tool: Next-Generation Intrusion
Detection Expert System (NIDES)
o How does a Firewall work
o IDS Tool: SecureHost
o IDS Tool: Snare
o A Simple Uncontrolled Overflow of the
Stack
o IDS Testing Tool: Traffic IQ Professional
o Stack Based Buffer Overflows
o IDS Testing Tool: TCPOpera
o IDS testing tool: Firewall Informer

Types of Buffer Overflows: Heap-based
Buffer Overflow
o Atelier Web Firewall Tester
o Heap Memory Buffer Overflow Bug
§ What is Honeypot?
o Heap-based Buffer Overflow
o The Honeynet Project

o Types of Honeypots
§ Low-interaction honeypot
Understanding Assembly Language
o Shellcode

How to Detect Buffer Overflows in a Program
§ Medium-interaction honeypot
o Attacking a Real Program
§ High-interaction honeypot
§ NOPs
o Advantages and Disadvantages of a
Honeypot
§ How to Mutate a Buffer Overflow Exploit
§ Once the Stack is Smashed
o Where to place Honeypots
o Honeypots
· Honeypot-SPECTER
· Honeypot - honeyd
· Honeypot – KFSensor
· Sebek

Defense Against Buffer Overflows
o Tool to Defend Buffer Overflow: Return
Address Defender (RAD)
o Tool to Defend Buffer Overflow:
StackGuard
o Tool to Defend Buffer Overflow: Immunix
System
o Physical and Virtual Honeypots
o Vulnerability Search: NIST
§ Tools to Detect Honeypots
§ What to do when hacked
o Valgrind
o Insure++
Module 24: Buffer Overflows

Buffer Overflow Protection Solution: Libsafe

Why are Programs/Applications Vulnerable

Buffer Overflows

Reasons for Buffer Overflow Attacks

Knowledge Required to Program Buffer
Overflow Exploits

Understanding Stacks

Understanding Heaps
§ Introduction to Cryptography

Types of Buffer Overflows: Stack-based
Buffer Overflow
§ Classical Cryptographic Techniques
o Comparing Functions of libc and Libsafe

Simple Buffer Overflow in C
o Code Analysis
Module 25: Cryptography
o Encryption
o Cleversafe Grid Builder
http://www.cleversafe.com/
o Decryption
§ Cryptographic Algorithms
§ PGP (Pretty Good Privacy)
§ RSA (Rivest Shamir Adleman)
§ CypherCalc
o Example of RSA Algorithm
§ Command Line Scriptor
o RSA Attacks
§ CryptoHeaven
o RSA Challenge
§ Hacking Tool: PGP Crack
§ Data Encryption Standard (DES)
§ Magic Lantern
o DES Overview
§ Advanced File Encryptor
§ RC4, RC5, RC6, Blowfish

Encryption Engine

Encrypt Files

Encrypt PDF

Encrypt Easy

Encrypt my Folder

Advanced HTML Encrypt and Password
Protect
§ What is SSH?

Encrypt HTML source
o SSH (Secure Shell)

Alive File Encryption
§ Algorithms and Security

Omziff
§ Disk Encryption

ABC CHAOS
§ Government Access to Keys (GAK)

EncryptOnClick
§ Digital Signature

CryptoForge
o Components of a Digital Signature

SafeCryptor
o Method of Digital Signature Technology

CrypTool
o Digital Signature Applications

Microsoft Cryptography Tools
o Digital Signature Standard

Polar Crypto Light
o Digital Signature Algorithm: Signature
Generation/Verification

CryptoSafe

Crypt Edit

CrypSecure
o Challenges and Opportunities

Cryptlib
§ Digital Certificates

Crypto++ Library
o RC5
§ Message Digest Functions
o One-way Hash Functions
o MD5
§ SHA (Secure Hash Algorithm)
§ SSL (Secure Sockets Layer)
o Digital Signature Algorithms: ECDSA,
ElGamal Signature Scheme
§ Code Breaking: Methodologies
§ Denial-of-Service Emulation
§ Cryptanalysis
§ Pentest using Appscan
§ Cryptography Attacks
§ HackerShield
§ Brute-Force Attack
§ Pen-Test Using Cerberus Internet Scanner
§ Cracking S/MIME Encryption Using Idle
CPU Time
§ Pen-Test Using Cybercop Scanner
§ distributed.net
§ Pen-Test Using FoundScan Hardware
Appliances
§ Use Of Cryptography
§ Pen-Test Using Nessus
§ Pen-Test Using NetRecon
Module 26: Penetration Testing
§ Pen-Test Using SAINT
§ Introduction to Penetration Testing (PT)
§ Pen-Test Using SecureNet Pro
§ Categories of security assessments
§ Pen-Test Using SecureScan
§ Vulnerability Assessment
§ Pen-Test Using SATAN, SARA and
Security Analyzer
§ Limitations of Vulnerability Assessment
§ Penetration Testing
§ Types of Penetration Testing
§ Risk Management
§ Do-It-Yourself Testing
§ Outsourcing Penetration Testing Services
§ Pen-Test Using STAT Analyzer
§ Pentest Using VigilENT
§ Pentest Using WebInspect
§ Pentest Using CredDigger
§ Pentest Using Nsauditor
§ Terms of Engagement
§ Evaluating Different Types of Pen-Test
Tools
§ Project Scope
§ Asset Audit
§ Pentest Service Level Agreements
§ Fault Tree and Attack Trees
§ Testing points
§ GAP Analysis
§ Testing Locations
§ Threat
§ Automated Testing
§ Business Impact of Threat
§ Manual Testing
§ Internal Metrics Threat
§ Using DNS Domain Name and IP Address
Information
§ External Metrics Threat
§ Enumerating Information about Hosts on
Publicly Available Networks
§ Calculating Relative Criticality
§ Test Dependencies
§ Testing Network-filtering Devices
§ Defect Tracking Tools: Bug Tracker Server
§ Enumerating Devices
§ Disk Replication Tools
§ DNS Zone Transfer Testing Tools
§ Pre-attack Phase
§ Network Auditing Tools
§ Best Practices
§ Trace Route Tools and Services
§ Results that can be Expected
§ Network Sniffing Tools
§ Passive Reconnaissance
§ Denial of Service Emulation Tools
§ Active Reconnaissance
§ Traditional Load Testing Tools
§ Attack Phase
§ System Software Assessment Tools
o Activity: Perimeter Testing
§ Operating System Protection Tools
o Activity: Web Application Testing
§ Fingerprinting Tools
o Activity: Wireless Testing
§ Port Scanning Tools
o Activity: Acquiring Target
§ Directory and File Access Control Tools
o Activity: Escalating Privileges
§ File Share Scanning Tools
o Activity: Execute, Implant and Retract
§ Password Directories
§ Post Attack Phase and Activities
§ Password Guessing Tools
§ Penetration Testing Deliverables
Templates
§ Link Checking Tools
§ Web-Testing Based Scripting tools
§ Buffer Overflow protection Tools
§ File Encryption Tools
§ Database Assessment Tools
§ Keyboard Logging and Screen Reordering
Tools
§ System Event Logging and Reviewing
Tools
Module 27: Covert Hacking
§ Insider Attacks
§ What is Covert Channel?
§ Security Breach
§ Why Do You Want to Use Covert
Channel?
§ Motivation of a Firewall Bypass
§ Tripwire and Checksum Tools
§ Covert Channels Scope
§ Mobile-code Scanning Tools
§ Covert Channel: Attack Techniques
§ Centralized Security Monitoring Tools
§ Simple Covert Attacks
§ Web Log Analysis Tools
§ Advanced Covert Attacks
§ Forensic Data and Collection Tools
§ Standard Direct Connection
§ Security Assessment Tools
§ Reverse Shell (Reverse Telnet)
§ Multiple OS Management Tools
§ Direct Attack Example
§ Phases of Penetration Testing
§ In-Direct Attack Example
§ Reverse Connecting Agents
· Example Directory Traversal Function
§ Covert Channel Attack Tools
· “dot dot” Method
o Netcat
· Example Code for a “dot dot” Method
o DNS Tunneling
o Virus Infection: Step II
o Covert Channel Using DNS Tunneling
o Virus Infection: Step III
o DNS Tunnel Client
·
o DNS Tunneling Countermeasures
o Virus Infection: Step IV
o Covert Channel Using SSH
o Virus Infection: Step V
o Covert Channel using SSH (Advanced)
§ Components of Viruses
o HTTP/S Tunneling Attack
o Functioning of Replicator part
§ Covert Channel Hacking Tool: Active Port
Forwarder
o Writing Replicator
Marking a File for Infection
o Writing Concealer
§ Covert Channel Hacking Tool: CCTT
o Dispatcher
§ Covert Channel Hacking Tool: Firepass
o Writing Bomb/Payload
§ Covert Channel Hacking Tool: MsnShell
§ Covert Channel Hacking Tool: Web Shell
§ Covert Channel Hacking Tool: NCovert
o Ncovert - How it works
· Trigger Mechanism
· Bombs/Payloads
· Brute Force Logic Bombs
§ Testing Virus Codes
§ Covert Channel Hacking via Spam E-mail
Messages
§ Tips for Better Virus Writing
§ Hydan
Module 28: Writing Virus Codes
Module 29: Assembly Language Tutorial
§ Introduction of Virus

Base 10 System
§ Types of Viruses

Base 2 System
§ Symptoms of a Virus Attack

Decimal 0 to 15 in Binary
§ Prerequisites for Writing Viruses

Binary Addition (C stands for Canary)
§ Required Tools and Utilities

Hexadecimal Number
§ Virus Infection Flow Chart

Hex Example
o Virus Infection: Step I

Hex Conversion
·

nibble
Directory Traversal Method

Computer memory

Input and output

Characters Coding

C Interface

ASCII and UNICODE

Call

CPU

Creating a Program

Machine Language

Why should anyone learn assembly at all?

Compilers

Clock Cycle

Assembling the code

Original Registers

Compiling the C code

Instruction Pointer

Linking the object files

Pentium Processor

Understanding an assembly listing file

Interrupts

Big and Little Endian Representation

Interrupt handler

Skeleton File

External interrupts and Internal interrupts

Working with Integers

Handlers

Signed integers

Machine Language

Signed Magnitude

Assembly Language

Two’s Complement

Assembler

If statements

Assembly Language Vs High-level Language

Do while loops

Assembly Language Compilers

Indirect addressing

Instruction operands

Subprogram

MOV instruction

The Stack

ADD instruction

The SS segment

SUB instruction

ESP

INC and DEC instructions

The Stack Usage

Directive

The CALL and RET Instructions

preprocessor

General subprogram form

equ directive

Local variables on the stack

%define directive


Data directives
General subprogram form with local
variables

Labels

Multi-module program

Saving registers
o First.asm

Labels of functions
o NASM

Calculating addresses of local variables
o GDB
o objdump
o ktrace
Module 30: Exploit Writing

Exploits Overview
o strace

Prerequisites for Writing Exploits and
Shellcodes
o readelf

Purpose of Exploit Writing

Types of Exploits

Stack Overflow

Heap Corruption

Steps for Writing a Shellcode

Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack

The Proof-of-Concept and Commercial
Grade Exploit

Converting a Proof of Concept Exploit to
Commercial Grade Exploit

Attack Methodologies

Socket Binding Exploits

Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
Module 31: Smashing the Stack for Fun and Profit

What is a Buffer?

Static Vs Dynamic Variables

Stack Buffers

Data Region

Memory Process Regions

What Is A Stack?

Why Do We Use A Stack?

The Stack Region

Stack frame

Stack pointer

Procedure Call (Procedure Prolog)

Steps for Writing an Exploit

Compiling the code to assembly

Differences Between Windows and Linux
Exploits

Call Statement

Shellcodes

Return Address (RET)

NULL Byte

Word Size

Types of Shellcodes

Stack

Tools Used for Shellcode Development

Buffer Overflows

Error

Why do we get a segmentation violation?

Segmentation Error

Instruction Jump

Guess Key Parameters

Calculation

Shell Code
o The code to spawn a shell in C

Let's try to understand what is going on here.
We'll start by studying main:

execve()
o execve() system call

exit.c
o List of steps with exit call

The code in Assembly

JMP

Code using indexed addressing

Offset calculation

shellcodeasm.c

testsc.c

Compile the code

NULL byte

shellcodeasm2.c

testsc2.c

Writing an Exploit

overflow1.c

Compiling the code

sp.c

vulnerable.c

NOPs
o Using NOPs
o Estimating the Location
Module 32: Windows Based Buffer Overflow
Exploit Writing

Buffer Overflow

Stack overflow

Writing Windows Based Exploits

Exploiting stack based buffer overflow

OpenDataSource Buffer Overflow
Vulnerability Details

Simple Proof of Concept

Windbg.exe

Analysis

EIP Register
o Location of EIP
o EIP

Execution Flow

But where can we jump to?

Offset Address

The Query

Finding jmp esp

Debug.exe

listdlls.exe

Msvcrt.dll

Out.sql

The payload

ESP

Limited Space

Getting Windows API/function absolute
address

Memory Address

Other Addresses

Compile the program
§ Tool: LSW DotNet-Reflection-Browser

Final Code
§ Tool: Reflector
§ Tool: Spices NET.Decompiler
§ Tool: Decompilers.NET
Module 33: Reverse Engineering
§ .NET Obfuscator and .NET Obfuscation
§ Positive Applications of Reverse
Engineering
§ Java Bytecode Decompilers
§ Ethical Reverse Engineering
§ Tool: JODE Java Decompiler
§ World War Case Study
§ Tool: JREVERSEPRO
§ DMCA Act
§ Tool: SourceAgain
§ What is Disassembler?
§ Tool: ClassCracker
§ Why do you need to decompile?
§ Python Decompilers
§ Professional Disassembler Tools
§ Reverse Engineering Tutorial
§ Tool: IDA Pro
§ OllyDbg Debugger
§ Convert Machine Code to Assembly Code
§ How Does OllyDbg Work?
§ Decompilers
§ Debugging a Simple Console Application
§ Program Obfuscation
§ Convert Assembly Code to C++ code
§ Machine Decompilers
§ Tool: dcc
§ Machine Code of compute.exe Program
§ Assembly Code of compute.exe Program
Module 34: MAC OS X Hacking

Introduction to MAC OS

Vulnerabilities in MAC
o Crafted URL Vulnerability
o CoreText Uninitialized Pointer Vulnerability
§ Code Produced by the dcc Decompiler in
C
o ImageIO Integer overflow Vulnerability
§ Tool: Boomerang
o DirectoryService Vulnerability
§ What Boomerang Can Do?
o iChat UPnP buffer overflow Vulnerability
§ Andromeda Decompiler
o ImageIO Memory Corruption Vulnerability
§ Tool: REC Decompiler
o Code Execution Vulnerability
§ Tool: EXE To C Decompiler
o UFS filesystem integer overflow Vulnerability
§ Delphi Decompilers
o Kernel "fpathconf()" System call Vulnerability
§ Tools for Decompiling .NET Applications
o UserNotificationCenter Privilege Escalation
Vulnerability
§ Salamander .NET Decompiler
o Other Vulnerabilities in MAC

How a Malformed Installer Package Can
Crack Mac OS X

Worm and Viruses in MAC
o OSX/Leap-A
o Inqtana.A
o Macro Viruses

Anti-Viruses in MAC
o VirusBarrier
o McAfee Virex for Macintosh
o Endpoint Security and Control
o Norton Internet Security

Mac Security Tools
o MacScan

Types of Router Attacks

Router Attack Topology

Denial of Service (DoS) Attacks

Packet “Mistreating” Attacks

Routing Table Poisoning

Hit-and-run Attacks vs. Persistent Attacks

Cisco Router
o Finding a Cisco Router
o How to Get into Cisco Router
o Breaking the Password
o Is Anyone Here
o Looking Around
o IPNetsentryx
o FileGuard
Countermeasures
Module 35: Hacking Routers, cable Modems and
Firewalls

Network Devices

Identifying a Router
o Implications of a Router Attack
o Covering Tracks
o ClamXav


SING: Tool for Identifying the Router

Eigrp-tool

Tool: Zebra

Tool: Yersinia for HSRP, CDP, and other
layer 2 attacks

Tool: Cisco Torch

Monitoring SMTP(port25) Using SLcheck

Monitoring HTTP(port 80)

Cable Modem Hacking
o OneStep: ZUP

HTTP Configuration Arbitrary Administrative
Access Vulnerability

www.bypassfirewalls.net

ADMsnmp

Waldo Beta 0.7 (b)

Solarwinds MIB Browser

Brute-Forcing Login Services

Hydra

Analyzing the Router Config

Cracking the Enable Password

Tool: Cain and Abel
Module 36: Hacking Mobile Phones, PDA and
Handheld Devices

Different OS in Mobile Phone

Different OS Structure in Mobile Phone

Evolution of Mobile Threat

Threats
o Tool to Unlock iPhone: iPhoneSimFree

What Can A Hacker Do
o Tool to Unlock iPhone: anySIM

Vulnerabilities in Different Mobile Phones
o Steps for Unlocking your iPhone using AnySIM

Malware

Spyware
o Activate the Voicemail Button on your Unlocked
iPhone
o Spyware: SymbOS/Htool-SMSSender.A.intd
o Spyware: SymbOS/MultiDropper.CG
o Best Practices against Malware

Blackberry
o Blackberry Attacks
o Blackberry Attacks: Blackjacking
o BlackBerry Wireless Security
o BlackBerry Signing Authority Tool
o Countermeasures

PDA
o PDA Security Issues
o ActiveSync attacks
o HotSync Attack
o PDA Virus: Brador
o PDA Security Tools: TigerSuite PDA
o Security Policies for PDAs

iPod
o Misuse of iPod
o Jailbreaking
o Tools for jailbreaking: iFuntastic
o Prerequisite for iPhone Hacking
o Step by Step iPhone Hacking using iFuntastic
o Podloso Virus
o Security tool: Icon Lock-iT XP

Mobile: Is It a Breach to Enterprise Security?
o Threats to Organizations Due to Mobile Devices
o Security Actions by Organizations

Viruses
o Skulls
o Duts
o Doomboot.A: Trojan

Antivirus
o Kaspersky Antivirus Mobile
o Airscanner
o BitDefender Mobile Security
o SMobile VirusGuard
o Symantec AntiVirus
o F-Secure Antivirus for Palm OS
o BullGuard Mobile Antivirus

Security Tools
o Sprite Terminator
o Mobile Security Tools: Virus Scan Mobile

Defending Cell Phones and PDAs Against
Attack

Mobile Phone Security Tips
o Step by step iPhone Hacking
o AppSnapp
Steps for AppSnapp
Module 37: Bluetooth Hacking

Bluetooth Introduction

Security Issues in Bluetooth
o BlueSweep

Security Attacks in Bluetooth Devices
o Bluekey
o Bluejacking
o BlueFire Mobile Security Enterprise Edition
o Tools for Bluejacking
o BlueAuditor
o BlueSpam
o Bluetooth Network Scanner
o Blue snarfing

Countermeasures
o BlueBug Attack
o Short Pairing Code Attacks
Module 38: VoIP Hacking
o Man-In-Middle Attacks

What is VoIP
o OnLine PIN Cracking Attack

VoIP Hacking Steps
o BTKeylogging attack

Footprinting
o BTVoiceBugging attack
o Information Sources
o Blueprinting
o Unearthing Information
o Bluesmacking - The Ping of Death
o Organizational Structure and Corporate Locations
o Denial-of-Service Attack
o Help Desk
o BlueDump Attack
o Job Listings

Bluetooth hacking tools
o Phone Numbers and Extensions
o BTScanner
o VoIP Vendors
o Bluesnarfer
o Resumes
o Bluediving
o WHOIS and DNS Analysis
o Transient Bluetooth Environment Auditor
o Steps to Perform Footprinting
o BTcrack

Scanning
o Blooover
o Host/Device Discovery
o Hidattack
o ICMP Ping Sweeps

Bluetooth Viruses and Worms
o ARP Pings
o Cabir
o TCP Ping Scans
o Mabir
o SNMP Sweeps
o Lasco
o Port Scanning and Service Discovery

Bluetooth Security tools
o BlueWatch
o TCP SYN Scan
o UDP Scan
o Host/Device Identification

Enumeration
o Flooding Attacks
o DNS Cache Poisoning
o Steps to Perform Enumeration
o Sniffing TFTP Configuration File Transfers
o Banner Grabbing with Netcat
o Performing Number Harvesting and Call Pattern
Tracking
o SIP User/Extension Enumeration

REGISTER Username Enumeration

INVITE Username Enumeration

OPTIONS Username Enumeration

Automated OPTIONS Scanning with sipsak

Automated REGISTER, INVITE and
OPTIONS Scanning with SIPSCAN against
SIP server
o Call Eavesdropping
o Interception through VoIP Signaling Manipulation
o Man-In-The-Middle (MITM) Attack
o Application-Level Interception Techniques

How to Insert Rogue Application

SIP Rogue Application

Listening to/Recording Calls

Replacing/Mixing Audio
o Enumerating TFTP Servers

Dropping Calls with a Rogue SIP Proxy
o SNMP Enumeration

Randomly Redirect Calls with a Rogue SIP
Proxy

Additional Attacks with a Rogue SIP Proxy

Automated OPTIONS Scanning Using
SIPSCAN against SIP Phones
o Enumerating VxWorks VoIP Devices

Steps to Exploit the Network
o Denial-of-Service (DoS)
o Distributed Denial-of-Service (DDoS) Attack
o Internal Denial-of-Service Attack
o DoS Attack Scenarios
o What is Fuzzing

Why Fuzzing

Commercial VoIP Fuzzing tools
o Signaling and Media Manipulation

Registration Removal with
erase_registrations Tool

Registration Addition with add_registrations
Tool
o Eavesdropping
o Packet Spoofing and Masquerading
o Replay Attack
o Call Redirection and Hijacking
o ARP Spoofing
o VoIP Phishing

Covering Tracks
o ARP Spoofing Attack
o Service Interception
o H.323-Specific Attacks
o SIP Security Vulnerabilities
o SIP Attacks
Module 39: RFID Hacking
§ RFID- Definition
§ Components of RFID Systems
§ RFID Collisions

RFID Risks
o Business Process Risk
o Technical Controls
§ RFID Security
o Business Intelligence Risk
o Privacy Risk
o Externality Risk
Module 40: Spamming

Introduction

Hazards of Electromagnetic Radiation

Techniques used by Spammers

Computer Network Attacks

How Spamming is performed
§ RFID and Privacy Issues

Spammer: Statistics
§ Countermeasures

Worsen ISP: Statistics
§ RFID Security and Privacy Threats

Top Spam Affected Countries: Statistics
o Sniffing

Types of Spam Attacks
o Tracking

Spamming Tools
o Spoofing
o Farelogic Worldcast
o Replay attacks
o 123 Hidden Sender
o Denial-of-service
o YL Mail Man
§ Protection Against RFID Attacks
o Sendblaster
§ RFID Guardian
o Direct Sender
§ RFID Malware
o Hotmailer
o How to Write an RFID Virus
o PackPal Bulk Email Server
o How to Write an RFID Worm
o IEmailer
o Defending Against RFID Malware

Anti-Spam Techniques
§ RFID Exploits

Anti-Spamming Tools
§ Vulnerabilities in RFID-enabled Credit Cards
o AEVITA Stop SPAM Email
o Skimming Attack
o SpamExperts Desktop
o Replay Attack
o SpamEater Pro
o Eavesdropping Attack
o SpamWeasel
§ RFID Hacking Tool: RFDump
o Spytech SpamAgent
§ RFID Security Controls
o AntispamSniper
o Management Controls
o Spam Reader
o Operational Controls
o Spam Assassin Proxy (SA) Proxy
o MailWasher Free
o USB CopyNotify
o Spam Bully
o Remora USB File Guard

Countermeasures
o Advanced USB Pro Monitor
o Folder Password Expert USB
Module 41: Hacking USB Devices
o USBlyzer
§ Introduction to USB Devices
o USB PC Lock Pro
§ Electrical Attack
o Torpark
§ Software Attack
o Virus Chaser USB
§ USB Attack on Windows
§ Countermeasures
§ Viruses and Worms
o W32/Madang-Fam
Module 42: Hacking Database Servers
o W32/Hasnot-A

Hacking Database server: Introduction
o W32/Fujacks-AK

Hacking Oracle Database Server
o W32/Fujacks-E
o Attacking Oracle
o W32/Dzan-C
o Security Issues in Oracle
o W32/SillyFD-AA
o Types of Database Attacks
o W32/SillyFDC-BK
o How to Break into an Oracle Database and Gain
DBA Privileges
o W32/LiarVB-A
o W32/Hairy-A
o W32/QQRob-ADN
o W32/VBAut-B
o HTTP W32.Drom
§ Hacking Tools
o USB Dumper
o USB Switchblade
o USB Hacksaw
§ USB Security Tools
o MyUSBonly
o USBDeview
o USB-Blocker
o Oracle Worm: Voyager Beta
o Ten Hacker Tricks to Exploit SQL Server Systems

Hacking SQL Server
o How SQL Server is Hacked
o Query Analyzer
o odbcping Utility
o Tool: ASPRunner Professional
o Tool: FlexTracer

Security Tools

SQL Server Security Best Practices:
Administrator Checklist
§ SQL Server Security Best Practices: Developer
Checklist

Introduction to Internet Filter
o Key Features of Internet Filters
o Pros and Cons of Internet Filters

Internet Content Filtering Tools
o iProtectYou
o Tool: Block Porn
o Tool: FilterGate
o Tool: Adblock
o Tool: AdSubtract
o Tool: GalaxySpy
o Tool: AdsGone Pop Up Killer
o Tool: AntiPopUp
o Tool: Pop Up Police
o Tool: Super Ad Blocker
o Tool: Anti-AD Guard
o Net Nanny
o CyberSieve
o BSafe Internet Filter
o Tool: Stop-the-Pop-Up Lite
o Tool: WebCleaner
o Tool: AdCleaner
o Tool: Adult Photo Blanker
o Tool: LiveMark Family
§ Table 1: How Websites Support Objectives of
terrorist/Extremist Groups
o Tool: KDT Site Blocker
§ Electronic Jihad
o Internet Safety Guidelines for Children
Module 43: Cyber Warfare- Hacking, Al-Qaida and
Terrorism
§ Cyber Terrorism Over Internet
§ Cyber-Warfare Attacks
§ 45 Muslim Doctors Planned US Terror Raids
§ Net Attack
§ Al-Qaeda
§ Why Terrorists Use Cyber Techniques
§ Cyber Support to Terrorist Operations
§ Planning
§ Recruitment
§ Research
§ Propaganda
§ Propaganda: Hizballah Website
§ Cyber Threat to the Military
§ Russia ‘hired botnets’ for Estonia Cyber-War
§ NATO Threatens War with Russia
§ Bush on Cyber War: ‘a subject I can learn a lot
about’
§ E.U. Urged to Launch Coordinated Effort Against
Cybercrime
§ Budget: Eye on Cyber-Terrorism Attacks
§ Cyber Terror Threat is Growing, Says Reid
§ Terror Web 2.0
§ 'Electronic Jihad' App Offers Cyber Terrorism for the Masses
§ Cyber Jihad – Cyber Firesale
§ http://internet-haganah.com/haganah/
Module 45: Privacy on the Internet

Internet privacy

Proxy privacy

Spyware privacy
Module 44: Internet Content Filtering Techniques

Email privacy
o Max Internet Optimizer

Cookies
o Hotspot Shield

Examining Information in Cookies
o Anonymous Browsing Toolbar

How Internet Cookies Work
o Invisible Browsing

How Google Stores Personal Information
o Real Time Cleaner

Google Privacy Policy
o Anonymous Web Surfing

Web Browsers
o Anonymous Friend

Web Bugs
o Easy Hide IP

Downloading Freeware

Internet Relay Chat
o Agnitum firewall

Pros and Cons of Internet Relay Chat
o Firestarter

Electronic Commerce
o Sunbelt Personal Firewall

Internet Privacy Tools: Anonymizers
o Netdefender
Internet Privacy Tools: Firewall Tools
o Anonymizer Anonymous Surfing
o Anonymizer Total Net Shield
o Privacy Eraser
o Anonymizer Nyms
o CookieCop
o Anonymizer Anti-Spyware
o Cookiepal
o Anonymizer Digital Shredder Lite
o Historykill
o Steganos Internet Anonym
o Tracks eraser
o Invisible IP Map
o NetConceal Anonymity Shield
o Protecting Search Privacy
o Anonymous Guest
o Tips for Internet Privacy
o ViewShield
o IP Hider
o Mask Surf Standard
o VIP Anonymity

Statistics for Stolen and Recovered Laptops
o SmartHide

Statistics on Security
o Anonymity Gateway

o Hide My IP
Percentage of Organizations Following the
Security Measures
Claros Anonymity

Laptop threats
o

Laptop Theft
Internet Privacy Tools: Others


Best Practices
Countermeasures
Module 46: Securing Laptop Computers

Fingerprint Reader

Protecting Laptops Through Face
Recognition

Bluetooth in Laptops

Tools
o Laptop Security
o Laptop Security Tools
o Laptop Alarm
o Flexysafe
o Master Lock
o eToken
o STOP-Lock
o True Crypt
o PAL PC Tracker
o Cryptex
o Dekart Private Disk Multifactor
o Laptop Anti-Theft
o Inspice Trace
o ZTRACE GOLD
o SecureTrieve Pro
o XTool Laptop Tracker
o XTool Encrypted Disk
o XTool Asset Auditor
o XTool Remote Delete
§ Securing from Physical Laptop Thefts
§ Hardware Security for Laptops
§ Protecting the Sensitive Data
§ Preventing Laptop Communications from Wireless
Threats
Module 47: Spying Technologies
§ Spying
§ Motives of Spying
§ Spying Devices
o Spying Using Cams
o Video Spy
o Video Spy Devices
o Tiny Spy Video Cams
o Underwater Video Camera
o Camera Spy Devices
o Goggle Spy
o Watch Spy
o Pen Spy
o Binoculars Spy
o Toy Spy
o Spy Helicopter
o Wireless Spy Camera
o Spy Kit
o Spy Scope: Spy Telescope and Microscope
o Spy Eye Side Telescope
o Audio Spy Devices
o Eavesdropper Listening Device
o GPS Devices
o Spy Detectors
o Spy Detector Devices
§ Vendors Hosting Spy Devices
o Spy Gadgets
§ Protecting the Stolen Laptops from Being Used
o Spy Tools Directory
§ Security Tips
o Amazon.com
o Spy Associates

Techniques Used for Corporate Espionage
o Paramountzone

Process of Hacking
o Surveillance Protection

Former Forbes Employee Pleads Guilty
§ Spying Tools

o Net Spy Pro-Computer Network Monitoring and
Protection
Former Employees Abet Stealing Trade
Secrets

California Man Sentenced For Hacking
o SpyBoss Pro

Federal Employee Sentenced for Hacking
o CyberSpy

Facts
o Spytech SpyAgent

Key Findings from U.S Secret Service and
CERT Coordination Center/SEI study on
Insider Threat

Tools
o ID Computer Spy
o e-Surveiller
o KGB Spy Software
o NetVizor
o O&K Work Spy
o Privatefirewall w/Pest Patrol
o WebCam Spy
§ Countermeasures
o Golden Eye
o Best Practices against Insider Threat
§ Anti-Spying Tools
o Countermeasures
o Internet Spy Filter
o Spybot - S&D
Module 49: Creating Security Policies
o SpyCop

Security policies
o Spyware Terminator

Key Elements of Security Policy
o XoftSpySE

Defining the Purpose and Goals of Security
Policy

Role of Security Policy

Classification of Security Policy
Module 48: Corporate Espionage- Hacking Using
Insiders

Introduction To Corporate Espionage

Design of Security Policy

Information Corporate Spies Seek

Contents of Security Policy

Insider Threat

Configurations of Security Policy

Different Categories of Insider Threat

Implementing Security Policies

Privileged Access

Types of Security Policies

Driving Force behind Insider Attack
o Promiscuous Policy

Common Attacks carried out by Insiders
o Permissive Policy
o Prudent Policy
o Paranoid Policy
o Acceptable-Use Policy

Software Activation: Introduction
o User-Account Policy
o Process of Software Activation
o Remote-Access Policy

Piracy
o Information-Protection Policy
o Piracy Over Internet
o Firewall-Management Policy
o Abusive Copies
o Special-Access Policy
o Pirated Copies
o Network-Connection Policy
o Cracked Copies
o Business-Partner Policy
o Impacts of piracy
o Other Important Policies
o Software Piracy Rate in 2006

Policy Statements
o Piracy Blocking

Basic Document Set of Information Security
Policies

Software Copy Protection Backgrounders
o E-mail Security Policy
CD Key Numbers

o Best Practices for Creating E-mail Security Policies
Dongles
o
o Media Limited Installations
o User Identification and Passwords Policy
o Protected Media

Software Security Policy
o Hidden Serial Numbers

Software License Policy
o Digital Right Management (DRM)

Points to Remember While Writing a Security
Policy
o Copy protection for DVD

Warez

Sample Policies
o Warez
o Remote Access Policy
o Types of Warez
o Warez Distribution
o Distribution Methods

Tool: Crypkey

Tool: EnTrial

EnTrial Tool: Distribution File

EnTrial Tool: Product & Package Initialization
Dialog

EnTrial Tool: Add Package GUI
o Wireless Security Policy
o E-mail Security Policy
o E-mail and Internet Usage Policies
o Personal Computer Acceptable Use Policy
o Firewall Management policy
o Internet Acceptable Use Policy
o User Identification and Password Policy
o Software License Policy
Module 50: Software Piracy and Warez

Tool: DF_ProtectionKit
§ Example for Attacker to Attack the Feeds

Tool: Crack Killer
§ Tools

Tool: Logic Protect
o Perseptio FeedAgent

Tool: Software License Manager
o RssFeedEater

Tool: Quick License Manager
o Thingamablog

Tool: WTM CD Protect
o RSS Builder
Module 51: Hacking and Cheating Online Games
o RSS Submit

Online Games: Introduction
o FeedDemon

Basics of Game Hacking
o FeedForAll

Threats in Online Gaming
o FeedExpress

Cheating in Online Computer Games
o RSS and Atom Security

Types of Exploits

Example of popular game exploits
Module 53: Hacking Web Browsers (Firefox, IE)

Stealing Online Game Passwords
§ Introduction
o Stealing Online Game Passwords: Social Engineering and Phishing
§ How Web Browsers Work

Online Gaming Malware from 1997-2007

Best Practices for Secure Online Gaming

Tips for Secure Online Gaming
§ How Web Browsers Access HTML Documents
§ Protocols for an URL
§ Hacking Firefox
Module 52: Hacking RSS and Atom
o Firefox Proof of Concept Information Leak
Vulnerability
§ Introduction
o Firefox Spoofing Vulnerability
§ Areas Where RSS and Atom is Used
o Password Vulnerability
§ Building a Feed Aggregator
o Concerns With Saving Form Or Login Data
§ Routing Feeds to the Email Inbox
o Cleaning Up Browsing History
§ Monitoring the Server with Feeds
o Cookies
§ Tracking Changes in Open Source Projects
o Internet History Viewer: Cookie Viewer
§ Risks by Zone
§ Firefox Security
o Remote Zone risk
o Blocking Cookies Options
o Local Zone Risk
o Tools For Cleaning Unwanted Cookies
§ Reader Specific Risks
o Tool: CookieCuller
§ Utilizing the Web Feeds Vulnerabilities
o Getting Started
o Privacy Settings
o AutoFill
o Security Settings
o Security Features
o Content Settings
§ Hacking Netscape
o Clear Private Data
o Netscape Navigator Improperly Validates SSL
Sessions
o Mozilla Firefox Security Features
§ Hacking Internet Explorer
o Redirection Information Disclosure Vulnerability
o Window Injection Vulnerability
§ Internet Explorer Security
o Getting Started
o Security Zones
o Custom Level
o Netscape Navigator Security Vulnerability
§ Securing Netscape
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
o Trusted Sites Zone
o Privacy
o Overwrite Automatic Cookie Handling
o Per Site Privacy Actions
o Specify Default Applications
o Internet Explorer Security Features
§ Hacking Opera
o JavaScript Invalid Pointer Vulnerability
o BitTorrent Header Parsing Vulnerability
o Torrent File Handling Buffer Overflow Vulnerability
§ Security Features of Opera
o Security and Privacy Features
§ Hacking Safari
o Safari Browser Vulnerability
o iPhone Safari Browser Memory Exhaustion
Remote Dos Vulnerability
Module 54: Proxy Server Technologies
§ Introduction: Proxy Server
§ Working of Proxy Server
§ Types of Proxy Server
§ Socks Proxy
§ Free Proxy Servers
§ Use of Proxies for Attack
§ Tools
o WinGate
o UserGate Proxy Server
o Advanced FTP Proxy Server
o Trilent FTP Proxy
o SafeSquid
o AllegroSurf
o ezProxy
§ Securing Safari
o Proxy Workbench
o Getting started
o ProxyManager Tool
o Preferences
o Super Proxy Helper Tool
o MultiProxy
o Imperva: SecureSphere
§ How Does MultiProxy Work
o MailMarshal
§ TOR Proxy Chaining Software
o WebMarshal
§ TOR Proxy Chaining Software
o Marshal EndPoint
§ AnalogX Proxy
o Novell ZENworks Endpoint Security Management
§ NetProxy
o Prism EventTracker
§ Proxy+
o Proofpoint Messaging Security Gateway
§ ProxySwitcher Lite
o Proofpoint Platform Architecture
§ Tool: JAP
o Summary Dashboard
§ Proxomitron
o End-user Safe/Block List
§ SSL Proxy Tool
o Defiance Data Protection System
§ How to Run SSL Proxy
o Sentrigo: Hedgehog
o Symantec Database Security
Module 55: Data Loss Prevention
o Varonis: DataPrivilege
§ Introduction: Data Loss
o Verdasys: Digital Guardian
§ Causes of Data Loss
o VolumeShield AntiCopy
§ How to Prevent Data Loss
o Websense Content Protection Suite
§ Impact Assessment for Data Loss Prevention
§ Tools
o Security Platform
o Check Point Software: Pointsec Data Security
o Cisco (IronPort)
o Content Inspection Appliance
o CrossRoads Systems: DBProtector
o Strongbox DBProtector Architecture
o DeviceWall
o Exeros Discovery
o GFi Software: GFiEndPointSecurity
o GuardianEdge Data Protection Platform
o ProCurve Identity Driven Manager (IDM)
Module 56: Hacking Global Positioning System
(GPS)

Geographical Positioning System (GPS)

Terminologies

GPS Devices Manufacturers

Gpsd-GPS Service Daemon

Sharing Waypoints

Wardriving

Areas of Concern

Sources of GPS Signal Errors

Methods to Mitigate Signal Loss

GPS Secrets
o GPS Hidden Secrets


o Secret Startup Commands in Garmin
o Category of Incidents: Low Level
o Hard Reset/ Soft Reset
o Category of Incidents: Mid Level
Firmware Hacking
o Category of Incidents: High Level
o Firmware
o How to Identify an Incident
o Hacking GPS Firmware: Bypassing the Garmin eTrex Vista Startup Screen
o How to Prevent an Incident
o Hacking GPS Firmware: Bypassing the Garmin eTrex Legend Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Venture Startup Screen
GPS Tools
o Tool: GPS NMEA LOG
o Tool: GPS Diagnostic
o Tool: RECSIM III
o Tool: G7toWin
o Tool: G7toCE
o Tool: GPS Security Guard
o GPS Security Guard Functions
o UberTracker
o Defining the Relationship between Incident
Response, Incident Handling, and Incident
Management
o Incident Response Checklist
o Handling Incidents
o Procedure for Handling Incident
· Stage 1: Preparation
· Stage 2: Identification
· Stage 3: Containment
· Stage 4: Eradication
· Stage 5: Recovery
· Stage 6: Follow-up
§ Incident Management
§ Why don’t Organizations Report Computer Crimes
§ Estimating Cost of an Incident
Module 57: Computer Forensics and Incident
Handling
§ Whom to Report an Incident
§ Computer Forensics
§ Incident Reporting
o What is Computer Forensics
§ Vulnerability Resources
o Need for Computer Forensics
§ What is CSIRT
o Objectives of Computer Forensics
o CSIRT: Goals and Strategy
o Stages of Forensic Investigation in Tracking Cyber
Criminals
o Why an Organization needs an Incident Response
Team
o Key Steps in Forensic Investigations
o CSIRT Case Classification
o List of Computer Forensics Tools
o Types of Incidents and Level of Support
§ Incident Handling
o Incident Specific Procedures-I (Virus and Worm
Incidents)
o Present Networking Scenario
o Incident Specific Procedures-II (Hacker Incidents)
o What is an Incident
o Incident Specific Procedures-III (Social Incidents,
Physical Incidents)
o Credit Card Fraud Detection Technique: Pattern
Detection
o How CSIRT Handles Case: Steps
o Credit Card Fraud Detection Technique: Fraud
Screening
o Example of CSIRT
o Best Practices for Creating a CSIRT
· Step 1: Obtain Management Support and Buy-in
o XCART: Online fraud Screening Service
o Card Watch
o MaxMind Credit Card Fraud Detection
· Step 2: Determine the CSIRT Development Strategic Plan
· Step 3: Gather Relevant Information
· Step 4: Design your CSIRT Vision
· Step 5: Communicate the CSIRT Vision
· Step 6: Begin CSIRT Implementation
· Step 7: Announce the CSIRT
§ World CERTs http://www.trustedintroducer.nl/teams/country.html
o 3D Secure
o Limitations of 3D Secure
o FraudLabs
o www.pago.de
o Pago Fraud Screening Process
o What to do if you are a Victim of a Fraud
o Facts to be Noted by Consumers
§ Best Practices: Ways to Protect Your Credit Cards
§ http://www.first.org/about/organization/teams/
§ IRTs Around the World
Module 58: Credit Card Frauds
§ E-Crime
§ Statistics
§ Credit Card
o Credit Card Fraud
o Credit Card Fraud
o Credit Card Fraud Over Internet
o Net Credit/Debit Card Fraud In The US After
Gross Charge-Offs
Module 59: How to Steal Passwords
§ Password Stealing
§ How to Steal Passwords
§ Password Stealing Techniques
§ Password Stealing Trojans
o MSN Hotmail Password Stealer
o AOL Password Stealer
o Trojan-PSW.Win32.M2.14.a
o CrazyBilets
o Dripper
o Fente
o GWGhost
§ Credit Card Generators
o Kesk
o Credit Card Generator
o MTM Recorded pwd Stealer
o RockLegend’s !Credit Card Generator
o Password Devil
§ Credit Card Fraud Detection
§ Password Stealing Tools
o Password Thief
o Remote Password Stealer
o Symantec Enterprise Firewall
o POP3 Email Password Finder
o Kerio WinRoute Firewall
o Instant Password Finder
o Sunbelt Personal Firewall
o MessenPass
o Xeon Firewall
o PstPassword
o InJoy Firewall
o Remote Desktop PassView
o PC Tools Firewall Plus
o IE PassView
o Comodo Personal Firewall
o Yahoo Messenger Password
o ZoneAlarm
§ Recommendations for Improving Password
Security
§ Best Practices
§ Linux Firewalls
o KMyFirewall
o Firestarter
Module 60: Firewall Technologies
o Guarddog
§ Firewalls: Introduction
o Firewall Builder
§ Hardware Firewalls
§ Mac OS X Firewalls
o Hardware Firewall
o Flying Buttress
o Netgear Firewall
o DoorStop X Firewall
o Personal Firewall Hardware: Linksys
o Intego NetBarrier X5
o Personal Firewall Hardware: Cisco’s PIX
o Little Snitch
o Cisco PIX 501 Firewall
o Cisco PIX 506E Firewall
o Cisco PIX 515E Firewall
Module 61: Threats and Countermeasures

Domain Level Policies
o CISCO PIX 525 Firewall
o Account Policies
o CISCO PIX 535 Firewall
o Password Policy
o Check Point Firewall
o Password Policy
o Nortel Switched Firewall
o Password Policy - Policies
§ Software Firewalls

Enforce Password History
o Software Firewall
o Enforce Password History - Vulnerability
§ Windows Firewalls
o Enforce Password History - Countermeasure
o Norton Personal Firewall
o Enforce Password History - Potential Impact
o McAfee Personal Firewall

Maximum Password Age
o Password Age - Vulnerability
o Account Lockout Threshold - Vulnerability
o Maximum Password Age - Countermeasure
o Account Lockout Threshold - Countermeasure
o Maximum Password Age - Potential Impact
o Account Lockout Threshold - Potential Impact
o Maximum Password Age

Reset Account Lockout Counter After
o Minimum Password Age

Kerberos Policy
o Minimum Password Age - Vulnerability
o Kerberos Policy - Policies
o Minimum Password Age - Countermeasure

Enforce User Logon Restrictions
o Minimum Password Age - Potential Impact

Maximum Lifetime for Service Ticket
o Minimum Password Age

Minimum Password Length
o Minimum Password Length - Vulnerability
o Maximum Lifetime for User Ticket
o Maximum Lifetime for User Ticket Renewal

Maximum Tolerance for Computer Clock
Synchronization

Audit Policy
o Minimum Password Length - Countermeasure
o Minimum Password Length - Potential Impact
o Minimum Password Length

Passwords Must Meet Complexity
Requirements
o Passwords must Meet Complexity Requirements - Vulnerability
o Passwords must Meet Complexity Requirements - Countermeasure
o Passwords must Meet Complexity Requirements - Potential Impact
o Passwords must Meet Complexity Requirements

Store Password using Reversible Encryption
for all Users in the Domain

Account Lockout Policy
o Audit Settings
o Audit Account Logon Events
o Audit Account Management
o Audit Directory Service Access
o Audit Logon Events
o Audit Object Access
o Audit Policy Change
o Audit Privilege Use
o Audit Process Tracking
o Audit System Events

User Rights

Access this Computer from the Network
Account Lockout Duration

Act as Part of the Operating System
o Account Lockout Duration - Vulnerability

Add Workstations to Domain
o Account Lockout Duration - Countermeasure

Adjust Memory Quotas for a Process
o Account Lockout Duration - Potential Impact

Allow Log On Locally
o Account Lockout Duration

Allow Log On through Terminal Services

Back Up Files and Directories
o Account Lockout Policy - Policies


Account Lockout Threshold

Bypass Traverse Checking

Shut Down the System

Change the System Time

Synchronize Directory Service Data

Create a Page File

Take Ownership of Files or Other Objects

Create a Token Object

Security Options

Create Global Objects

Accounts: Administrator Account Status

Create Permanent Shared Objects

Debug Programs

Deny Access to this Computer from the
Network

Deny Log On as a Batch Job

Deny Log On as a Service

Deny Log On Locally

Deny Log On through Terminal Services

Enable Computer and User Accounts to be
Trusted for Delegation

Force Shutdown from a Remote System

Generate Security Audits

Impersonate a Client after Authentication

Increase Scheduling Priority

Load and Unload Device Drivers

Lock Pages in Memory

Log On as a Batch Job

Log On as a Service

Manage Auditing and Security Log

Modify Firmware Environment Values

Perform Volume Maintenance Tasks

Profile Single Process

Profile System Performance

Remove Computer from Docking Station

Replace a Process Level Token

Restore Files and Directories
o Accounts: Administrator Account Status - Vulnerability
o Accounts: Administrator Account Status
o Accounts: Guest Account Status
o Accounts: Limit Local Account Use of Blank
Passwords to Console Logon Only
o Accounts: Rename Administrator Account
o Accounts: Rename Guest Account

Audit: Audit the Access of Global System
Objects
o Audit: Audit the Use of Backup and Restore
Privilege
o Audit: Shut Down System Immediately if Unable to
Log Security Audits

DCOM: Machine Access/Launch Restrictions
in Security Descriptor Definition Language
(SDDL)
o DCOM: Machine Access/Launch
Restrictions in Security Descriptor
Definition Language (SDDL)

Devices: Allow Undock without having to Log
On

Devices: Allowed to Format and Eject
Removable Media

Devices: Prevent Users from Installing
Printer Drivers

Devices: Restrict CD-ROM/Floppy Access to
Locally Logged-on User Only

Devices: Restrict CD-ROM Access to Locally
Logged-on User Only

Devices: Unsigned Driver Installation
Behavior

Domain Controller: Allow Server Operators to
Schedule Tasks

Network Access: Do Not Allow Anonymous
Enumeration of SAM Accounts

Domain Controller: LDAP Server Signing
Requirements


Domain Controller: Refuse Machine Account
Password Changes
Network Access: Do Not Allow Storage of
Credentials or .NET Passports for Network
Authentication

Domain Member: Digitally Encrypt or Sign
Secure Channel Data
Network Access: Let Everyone Permissions
Apply to Anonymous Users

Domain Member: Disable Machine Account
Password Changes
Network Access: Named Pipes that can be
Accessed Anonymously

Domain Member: Maximum Machine
Account Password Age
Network Access: Remotely Accessible
Registry Paths

Domain Member: Require Strong
(Windows 2000 or Later) Session Key
Network Access: Remotely Accessible
Registry Paths and Sub-paths

Interactive Logon: Do Not Display Last User
Name
Network Access: Restrict Anonymous
Access to Named Pipes and Shares

Interactive Logon: Do Not Require
CTRL+ALT+DEL
Network Access: Shares that can be
Accessed Anonymously

Interactive Logon: Message Text for Users
Attempting to Log On
Network Access: Sharing and Security Model
for Local Accounts

Network Security: Do Not Store LAN
Manager Hash Value on Next Password
Change

Network Security: Force Logoff when Logon
Hours Expire

Network Security: LAN Manager
Authentication Level

Network Security: LDAP Client Signing
Requirements








Interactive Logon: Number of Previous
Logons to Cache

Interactive Logon: Prompt User to Change
Password before Expiration

Interactive Logon: Require Domain Controller
Authentication to Unlock Workstation

Interactive Logon: Require Smart Card

Interactive Logon: Smart Card Removal
Behavior


Microsoft Network Client and Server: Digitally
Sign Communications (Four Related
Settings)
Network Security: Minimum Session Security
for NTLM SSP based (Including Secure
RPC) Clients/Servers

Microsoft Network Client: Send Unencrypted
Password to Third-party SMB Servers
Network Security: Minimum Session Security
for NTLM SSP based (Including Secure
RPC) Clients

Microsoft Network Server: Amount of Idle
Time Required before Suspending Session
Recovery Console: Allow Automatic
Administrative Logon

Microsoft Network Server: Disconnect Clients
when Logon Hours Expire
Recovery Console: Allow Floppy Copy and
Access to all Drives and all Folders

Network Access: Allow Anonymous
SID/Name Translation
Shutdown: Allow System to be Shut Down
Without Having to Log On

Shutdown: Clear Virtual Memory Page File




System Cryptography: Force Strong Key
Protection for User Keys Stored on the
Computer

Client Service for NetWare

ClipBook
System Cryptography: Use FIPS Compliant
Algorithms for Encryption, Hashing, and
Signing

Cluster Service

COM+ Event System
System Objects: Default Owner for Objects
Created by Members of the Administrators
Group

COM+ System Application

Computer Browser
System Objects: Require Case Insensitivity
for Non-Windows Subsystems

Cryptographic Services

DCOM Server Process Launcher

DHCP Client

DHCP Server

Distributed File System

Distributed Link Tracking Client

Distributed Link Tracking Server

Distributed Transaction Coordinator

DNS Client
o Retain Event Logs

DNS Server
o Retention Method for Event Log

Error Reporting Service
o Delegating Access to the Event Logs

Event Log





System Objects: Strengthen Default
Permissions of Internal System Objects

System Settings: Use Certificate Rules on
Windows Executables for Software
Restriction Policies

Event Log
o Maximum Event Log Size
o Prevent Local Guests Group from Accessing
Event Logs

System Services

Fast User Switching Compatibility

Services Overview

Fax Service

Do Not Set Permissions on Service Objects

File Replication

Manually Editing Security Templates

File Server for Macintosh

System Services - Alerter

FTP Publishing Service

Application Experience Lookup Service

Help and Support

Application Layer Gateway Service

HTTP SSL

Application Management

Human Interface Device Access

ASP .NET State Service

IAS Jet Database Access

Automatic Updates

IIS Admin Service

Background Intelligent Transfer Service
(BITS)

IMAPI CD-Burning COM Service

Certificate Services

Indexing Service

Infrared Monitor

Plug and Play

Internet Authentication Service

Portable Media Serial Number

Intersite Messaging

Print Server for Macintosh

IP Version 6 Helper Service

Print Spooler

IPSec Policy Agent (IPSec Service)

Protected Storage

IPSec Services

QoS RSVP Service

Kerberos Key Distribution Center

Remote Access Auto Connection Manager

License Logging Service

Logical Disk Manager
o Logical Disk Manager Administrative Service

Machine Debug Manager

Message Queuing
o Remote Access Connection Manager

Remote Administration Service

Help Session Manager
o Remote Desktop Help Session Manager

Remote Installation
o Message Queuing Down Level Clients
o Remote Procedure Call (RPC)
o Message Queuing Triggers
o Remote Procedure Call (RPC) Locator
o Messenger
o Remote Registry Service

Microsoft POP3 Service
o Remote Server Manager

Microsoft Software Shadow Copy Provider
o Remote Server Monitor

MSSQL$UDDI
o Remote Storage Notification

MSSQLServerADHelper
o Remote Storage Server

.NET Framework Support Service

Removable Storage

Net Logon

Resultant Set of Policy Provider

NetMeeting Remote Desktop Sharing

Routing and Remote Access

Network Connections

SAP Agent

Network DDE

Secondary Logon

Network DDE DSDM

Security Accounts Manager

Network Location Awareness (NLA)

Security Center

Network Provisioning Service

Server

Network News Transfer Protocol (NNTP)

Shell Hardware Detection

NTLM Security Support Provider

Simple Mail Transport Protocol (SMTP)

Performance Logs and Alerts

Simple TCP/IP Services

Smart Card

NetMeeting

Special Administration Console Helper

Disable Remote Desktop Sharing

System Event Notification

Internet Explorer Computer Settings

System Restore Service


Task Scheduler
Disable Automatic Install of Internet Explorer
Components

TCP/IP NetBIOS Helper Service

Disable Periodic Check for Internet Explorer
Software Updates

TCP/IP Print Server


Telnet
Disable Software Update Shell Notifications
on Program Launch

Terminal Services

Make Proxy Settings Per-Machine (Rather
than Per-User)

Security Zones: Do Not Allow Users to
Add/Delete Sites

Turn off Crash Detection

Do Not Allow Users to Enable or Disable
Add-ons

Internet Explorer\Internet Control
Panel\Security Page

Internet Explorer\Internet Control
Panel\Advanced Page

Allow Software to Run or Install Even if the
Signature is Invalid

Allow Active Content from CDs to Run on
User Machines
o Windows System Resource Manager

Allow Third-party Browser Extensions
o Windows Time

Check for Server Certificate Revocation
o Terminal Services Licensing
o Terminal Services Session Directory

Trivial FTP Daemon

Uninterruptible Power Supply

Upload Manager

Virtual Disk Service

WebClient

Web Element Manager

Windows Firewall/Internet Connection
Sharing
o Windows Installer

WinHTTP Web Proxy Auto-Discovery
Service

Check for Signatures On Downloaded
Programs

Wireless Configuration

Do Not Save Encrypted Pages to Disk

Workstation

Empty Temporary Internet Files Folder when
Browser is Closed

World Wide Web Publishing Service

Internet Explorer\Security Features

Software Restriction Policies

Binary Behavior Security Restriction

The Threat of Malicious Software

MK Protocol Security Restriction

Windows XP and Windows Server 2003
Administrative Templates

Local Machine Zone Lockdown Security

Computer Configuration Settings

Consistent MIME Handling

MIME Sniffing Safety Features

Windows Update

Scripted Window Security Restrictions

Configure Automatic Updates

Restrict ActiveX Install


Restrict File Download
Reschedule Automatic Updates Scheduled
Installations

Network Protocol Lockdown

System

Internet Information Services

Turn off Autoplay

Prevent IIS Installation

Do Not Process The Run Once List

Terminal Services

Logon

Deny Log Off of an Administrator Logged in
to the Console Session

Don't Display The Getting Started Welcome
Screen At Logon

Do Not Allow Local Administrators to
Customize Permissions

Do Not Process The Legacy Run List

Group Policy

Sets Rules for Remote Control of Terminal
Services User Sessions

Internet Explorer Maintenance Policy
Processing

Client/Server Data Redirection

IP Security Policy Processing

Allow Time Zone Redirection

Registry Policy Processing

Do Not Allow COM Port Redirection

Security Policy Processing

Do Not Allow Client Printer Redirection

Error Reporting

Do Not Allow LPT Port Redirection

Display Error Notification

Do Not Allow Drive Redirection

Report Errors

Encryption and Security

Internet Communications Management

Set Client Connection Encryption Level

Distributed COM

Always Prompt Client For A Password On
Connection

Browser Menus

Disable Save This Program To Disk Option

RPC Security Policy

Attachment Manager

Secure Server (Require Security)

Inclusion List For High Risk File Types

Sessions

Inclusion List For Moderate Risk File Types

Set Time Limit For Disconnected Sessions

Inclusion List For Low File Types

Allow Reconnection From Original Client
Only

Trust Logic For File Attachments

Windows Explorer

Hide Mechanisms To Remove Zone
Information

Turn Off Shell Protocol Protected Mode


Windows Messenger
Notify Antivirus Programs When Opening
Attachments

Windows Explorer

Remove Security Tab

System\Power Management

Additional Registry Entries

How to Modify the Security Configuration
Editor User Interface

TCP/IP-Related Registry Entries

DisableIPSourceRouting: IP Source Routing
Protection Level (Protects Against Packet
Spoofing)

EnableDeadGWDetect: Allow Automatic
Detection Of Dead Network Gateways
(Could Lead To DoS)

EnableICMPRedirect: Allow ICMP Redirects
To Override OSPF Generated Routes

KeepAliveTime: How Often Keep-alive
Packets Are Sent In Milliseconds (300,000 Is
Recommended)

SynAttackProtect: SYN Attack Protection
Level (Protects Against DoS)

TcpMaxConnectResponseRetransmissions:
SYN-ACK Retransmissions When A
Connection Request Is Not Acknowledged

TcpMaxDataRetransmissions: How Many
Times Unacknowledged Data Is
Retransmitted (3 Recommended, 5 Is
Default)

Enable Safe DLL Search Order: Enable Safe
DLL Search Mode (Recommended)

Security Log Near Capacity Warning:
Percentage Threshold for the Security Event
Log at which the System will Generate a
Warning

Registry Entries Available In Windows XP
With SP2 And Windows Server 2003 With
SP1

RunInvalidSignatures

Registry Entries Available in Windows XP
with SP2

Security Center Registry Entries for XP

StorageDevicePolicies\WriteProtect

Registry Entries Available in
Windows Server 2003 with SP1

UseBasicAuth

DisableBasicOverClearChannel

Additional Countermeasures

Securing the Accounts

NTFS

Data and Application Segmentation

Configure SNMP Community Name

Miscellaneous Registry Entries

Disable NetBIOS and SMB on Public Facing
Interfaces

Configure Automatic Reboot from System
Crashes

Disable Dr. Watson: Disable Automatic
Execution of Dr. Watson System Debugger

Enable Administrative Shares

Configure IPsec Policies

Disable Saving of Dial-Up Passwords

Configuring Windows Firewall

Hide the Computer from Network
Neighborhood Browse Lists: Hide Computer
From the Browse List

Configure NetBIOS Name Release Security:
Allow the Computer to Ignore NetBIOS Name
Release Requests Except from WINS
Servers
Module 62: Case Studies
Module 63: Botnets
Module 64: Economic Espionage
Module 65: Patch Management
Module 66: Security Convergence
Module 67: Identifying the Terrorist