Course Description
This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Who Should Attend
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

5 days (9:00 – 5:00)

The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification.

Legal Agreement
The Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

Not just anyone can be a student: the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.

Course Outline Version 6

The CEHv6 curriculum consists of instructor-led training and self-study. The instructor will provide the details of the self-study modules to the students at the beginning of the class.

Module 1: Introduction to Ethical Hacking

  • Problem Definition - Why Security?
  • Essential Terminologies
  • Elements of Security
  • The Security, Functionality and Ease of Use Triangle
  • Case Study
  • What does a Malicious Hacker do?

o    Phase1-Reconnaissance

         Reconnaissance Types

o    Phase2-Scanning

o    Phase3-Gaining Access

o    Phase4-Maintaining Access

o    Phase5-Covering Tracks

  • Types of Hacker Attacks

o    Operating System attacks

o    Application-level attacks

o    Shrink Wrap code attacks

o    Misconfiguration attacks

  • Hacktivism
  • Hacker Classes
  • Security News: Suicide Hacker
  • Ethical Hacker Classes
  • What do Ethical Hackers do
  • Can Hacking be Ethical
  • How to become an Ethical Hacker
  • Skill Profile of an Ethical Hacker
  • What is Vulnerability Research

o    Why Hackers Need Vulnerability Research

o    Vulnerability Research Tools

o    Vulnerability Research Websites

         National Vulnerability Database

         Securitytracker

         Securiteam

         Secunia

         Hackerstorm Vulnerability Database Tool

         HackerWatch


  • How to Conduct Ethical Hacking
  • How Do They Go About It
  • Approaches to Ethical Hacking
  • Ethical Hacking Testing
  • Ethical Hacking Deliverables
  • Computer Crimes and Implications

Module 2: Hacking Laws

  U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)

  Legal Perspective (U.S. Federal Law)

o    18 U.S.C. 1029


o    18 U.S.C. 1030


o    18 U.S.C. 1362

o    18 U.S.C. 2318

o    18 U.S.C. 2320

o    18 U.S.C. 1831

o    47 U.S.C. 605, unauthorized publication or use of communications

o    Washington:

         RCW 9A.52.110

o    Florida:

         815.01 to 815.07

o    Indiana:

         IC 35-43

  Federal Managers Financial Integrity Act of 1982

  The Freedom of Information Act 5 U.S.C. 552

  Federal Information Security Management Act (FISMA)

  The Privacy Act Of 1974 5 U.S.C. 552a

  USA Patriot Act of 2001

  United Kingdom’s Cyber Laws

  United Kingdom: Police and Justice Act 2006

  European Laws

  Japan’s Cyber Laws

  Australia: The Cybercrime Act 2001


  Argentina Laws

  Germany’s Cyber Laws

  Singapore’s Cyber Laws

  Belgium Law

  Brazilian Laws

  Canadian Laws

  France Laws

  German Laws

  Italian Laws




  Greece Laws

  Denmark Laws

  Netherlands Laws





Module 3: Footprinting

  • Revisiting Reconnaissance
  • Defining Footprinting
  • Why is Footprinting Necessary
  • Areas and Information which Attackers Seek
  • Information Gathering Methodology

o    Unearthing Initial Information

         Finding Company’s URL

         Internal URL

         Extracting Archive of a Website

         Google Search for Company’s Info

         People Search

  Yahoo People Search

  Satellite Picture of a Residence

  Best PeopleSearch



  Google Finance

  Yahoo Finance

         Footprinting through Job Sites 

         Passive Information Gathering

         Competitive Intelligence Gathering

  Why Do You Need Competitive Intelligence?

  Competitive Intelligence Resource

  Companies Providing Competitive Intelligence Services

  Carratu International

  CI Center

  Competitive Intelligence - When Did This Company Begin? How Did It Develop?

  Competitive Intelligence - Who Leads This Company

  Competitive Intelligence - What Are This Company's Plans

  Competitive Intelligence - What Does Expert Opinion Say About The Company

  Competitive Intelligence - Who Are The Leading Competitors?

  Competitive Intelligence Tool: Trellian

  Competitive Intelligence Tool: Web Investigator

         Public and Private Websites

  • Footprinting Tools

o    Sensepost Footprint Tools

o    Big Brother

o    BiLE Suite

o    Alchemy Network Tool

o    Advanced Administrative Tool

o    My IP Suite

o    Wikto Footprinting Tool

o    Whois Lookup

o    Whois

o    SmartWhois

o    ActiveWhois

o    LanWhois

o    CountryWhois

o    WhereIsIP

o    Ip2country

o    CallerIP

o    Web Data Extractor Tool

o    Online Whois Tools

o    What is MyIP

o  DNS Enumerator

o  SpiderFoot

o  Nslookup

o  Extract DNS Information

    • Types of DNS Records
    • Necrosoft Advanced DIG

o    Expired Domains

o    DomainKing

o    Domain Name Analyzer

o    DomainInspect

o    MSR Strider URL Tracer

o    Mozzle Domain Name Pro

o    Domain Research Tool (DRT)

o    Domain Status Reporter

o    Reggie

o    Locate the Network Range



    Traceroute Analysis

   3D Traceroute


   VisualRoute Trace

   Path Analyzer Pro


   Layer Four Traceroute

   Prefix WhoIs widget


   VisualRoute Mail Tracker


   Read Notify

  • E-Mail Spiders

o    1st E-mail Address Spider

o    Power E-mail Collector Tool

o    GEOSpider

o    Geowhere Footprinting Tool

o    Google Earth

o    Kartoo Search Engine

o    Dogpile (Meta Search Engine)

o    Tool: WebFerret

o    robots.txt

o    WTR - Web The Ripper

o    Website Watcher

  • Steps to Create Fake Login Pages
  • How to Create Fake Login Pages
  • Faking Websites using Man-in-the-Middle Phishing Kit
  • Benefits to Fraudster
  • Steps to Perform Footprinting

Module 4: Google Hacking

  What is Google hacking

  What a hacker can do with vulnerable site

  Anonymity with Caches

  Using Google as a Proxy Server

  Directory Listings

o    Locating Directory Listings

o    Finding Specific Directories

o    Finding Specific Files

o    Server Versioning 

  Going Out on a Limb: Traversal Techniques

o    Directory Traversal

o    Incremental Substitution 

  Extension Walking

  • Site Operator
  • intitle:index.of
  • error | warning
  • login | logon
  • username | userid | employee.ID | “your username is”
  • password | passcode | “your password is”
  • admin | administrator

o    admin login

  • –ext:html –ext:htm –ext:shtml –ext:asp –ext:php
  • inurl:temp | inurl:tmp | inurl:backup | inurl:bak
  • intranet | help.desk
  • Locating Public Exploit Sites

o    Locating Exploits Via Common Code Strings

      • Searching for Exploit Code with Nonstandard Extensions
      • Locating Source Code with Common Strings
  • Locating Vulnerable Targets

o    Locating Targets Via Demonstration Pages

      • “Powered by” Tags Are Common Query Fodder for Finding Web Applications

o    Locating Targets Via Source Code

      • Vulnerable Web Application Examples

o    Locating Targets Via CGI Scanning

      • A Single CGI Scan-Style Query
  • Directory Listings

o    Finding IIS 5.0 Servers

  • Web Server Software Error Messages

o    IIS HTTP/1.1 Error Page Titles

o     “Object Not Found” Error Message Used to Find IIS 5.0

o    Apache Web Server

      • Apache 2.0 Error Pages
  • Application Software Error Messages

o    ASP Dumps Provide Dangerous Details

o    Many Errors Reveal Pathnames and Filenames

o    CGI Environment Listings Reveal Lots of Information

  • Default Pages

o    A Typical Apache Default Web Page

o    Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP

o    Default Pages Query for Web Server

o    Outlook Web Access Default Portal

  • Searching for Passwords

o    Windows Registry Entries Can Reveal Passwords

o    Usernames, Cleartext Passwords, and Hostnames!

  • Google Hacking Database (GHDB)
  • SiteDigger Tool
  • Gooscan
  • Goolink Scanner
  • Goolag Scanner
  • Tool: Google Hacks
  • Google Hack Honeypot
  • Google Protocol
  • Google Cartography

Module 5: Scanning

  • Scanning: Definition
  • Types of Scanning
  • Objectives of Scanning
  • CEH Scanning Methodology

o    Checking for live systems - ICMP Scanning

         Angry IP


         Ping Sweep

         Firewalk Tool

         Firewalk Commands

         Firewalk Output


         Nmap: Scan Methods

         NMAP Scan Options

         NMAP Output Format

         TCP Communication Flags

         Three Way Handshake

o    Syn Stealth/Half Open Scan

o    Stealth Scan

o    Xmas Scan

o    Fin Scan

o    Null Scan

o    Idle Scan

o    ICMP Echo Scanning/List Scan

o    TCP Connect/Full Open Scan

o    FTP Bounce Scan

         Ftp Bounce Attack

o    SYN/FIN Scanning Using IP Fragments

o    UDP Scanning

o    Reverse Ident Scanning

o    RPC Scan

o    Window Scan

o    Blaster Scan

o    Portscan Plus, Strobe

o    IPSec Scan

o    Netscan Tools Pro

o    WUPS – UDP Scanner

o    Superscan

o    IPScanner

o    Global Network Inventory Scanner

o    Net Tools Suite Pack

o    Floppy Scan

o    FloppyScan Steps

o    E-mail Results of FloppyScan

o    Atelier Web Ports Traffic Analyzer (AWPTA)

o    Atelier Web Security Port Scanner (AWSPS)

o    IPEye

o    ike-scan

o    Infiltrator Network Security Scanner

o    YAPS: Yet Another Port Scanner

o    Advanced Port Scanner

o    NetworkActiv Scanner

o    NetGadgets

o    P-Ping Tools

o    MegaPing

o    LanSpy

o    HoverIP

o    LANView

o    NetBruteScanner

o    SolarWinds Engineer’s Toolset


o    OstroSoft Internet Tools

o    Advanced IP Scanner

o    Active Network Monitor

o    Advanced Serial Data Logger

o    Advanced Serial Port Monitor

o    WotWeb

o    Antiy Ports

o    Port Detective

o    Roadkil’s Detector

o    Portable Storage Explorer

  • War Dialer Technique

o    Why War Dialing

o    Wardialing 

o    Phonesweep – War Dialing Tool

o    THC Scan

o    ToneLoc

o    ModemScan

o    War Dialing Countermeasures: Sandtrap Tool

  • Banner Grabbing

o    OS Fingerprinting

         Active Stack Fingerprinting

         Passive Fingerprinting

o    Active Banner Grabbing Using Telnet


o    P0f – Banner Grabbing Tool

o    p0f for Windows

o    Httprint Banner Grabbing Tool

o    Tool: Miart HTTP Header

o    Tools for Active Stack Fingerprinting




o    Disabling or Changing Banner

o    IIS Lockdown Tool

o    Tool: ServerMask

o    Hiding File Extensions

o    Tool: PageXchanger

  • Vulnerability Scanning

o    Bidiblah Automated Scanner

o    Qualys Web Based Scanner

o    SAINT

o    ISS Security Scanner

o    Nessus

o    GFI Languard

o    Security Administrator’s Tool for Analyzing Networks (SATAN)

o    Retina

o    Nagios

o    PacketTrap's pt360 Tool Suite

o    NIKTO

  SAFEsuite Internet Scanner, IdentTCPScan

  • Draw Network Diagrams of Vulnerable Hosts

o    Cheops

o    Friendly Pinger

o    LANsurveyor

o    Ipsonar

o    LANState

  Insightix Visibility

  IPCheck Server Monitor

  PRTG Traffic Grapher

  • Preparing Proxies

o    Proxy Servers

o    Free Proxy Servers

o    Use of Proxies for Attack

o    SocksChain

o    Proxy Workbench

o    Proxymanager Tool

o    Super Proxy Helper Tool

o    Happy Browser Tool (Proxy Based)

o    Multiproxy

o    Tor Proxy Chaining Software

o    Additional Proxy Tools

o    Anonymizers

         Surfing Anonymously

         Primedius Anonymizer


         Anonymous Surfing: Browzar

         Torpark Browser


         IP Privacy

         Anonymity 4 Proxy (A4Proxy)


         Connectivity Using Psiphon

         AnalogX Proxy



         ProxySwitcher Lite



o    Google Cookies


o    SSL Proxy Tool

o    How to Run SSL Proxy

o    HTTP  Tunneling Techniques

         Why Do I Need HTTP Tunneling

         Httptunnel for Windows

         How to Run Httptunnel



o    Spoofing IP Address

         Spoofing IP Address Using Source Routing

         Detection of IP Spoofing

         Despoof Tool

  • Scanning Countermeasures
  • Tool: SentryPC

Module 6: Enumeration

  • Overview of System Hacking Cycle
  • What is Enumeration?
  • Techniques for Enumeration
  • NetBIOS Null Sessions

o    So What's the Big Deal

o    DumpSec Tool

o    NetBIOS Enumeration Using Netview

         Nbtstat Enumeration Tool


         Enum Tool

o    Enumerating User Accounts


o    Null Session Countermeasure

  • PS Tools

o    PsExec

o    PsFile

o    PsGetSid

o    PsKill

o    PsInfo

o    PsList

o    PsLogged On

o    PsLogList

o    PsPasswd

o    PsService

o    PsShutdown

o    PsSuspend

  • Simple Network Management Protocol (SNMP) Enumeration

o    Management Information Base (MIB)

o    SNMPutil Example

o    SolarWinds

o    SNScan

o    Getif SNMP MIB Browser

o    UNIX Enumeration

o    SNMP UNIX Enumeration

o    SNMP Enumeration Countermeasures

o    LDAP enumeration

o    JXplorer

o    LdapMiner

o    Softerra LDAP Browser

o    NTP enumeration

o    SMTP enumeration

o    Smtpscan

o    Web enumeration

o    Asnumber  

o    Lynx

  • Winfingerprint

o    Windows Active Directory Attack Tool

o    How To Enumerate Web Application Directories in IIS Using DirectoryServices

  • IP Tools Scanner
  • Enumerate Systems Using Default Password


o    NBTScan

o    NetViewX


o    Terminal Service Agent

o    TXNDS

o    Unicornscan

o    Amap

o    Netenum

  • Steps to Perform Enumeration

Module 7: System Hacking

  • Part 1- Cracking Password

o     CEH hacking Cycle

o    Password Types

o    Types of Password Attack

         Passive Online Attack: Wire Sniffing

         Passive Online Attack: Man-in-the-middle and replay attacks

         Active Online Attack:  Password Guessing

         Offline Attacks

  Brute force Attack

  Pre-computed Hashes

  Syllable Attack/Rule-based Attack/ Hybrid attacks

  Distributed network  Attack

  Rainbow Attack

         Non-Technical Attacks

o    Default Password Database

o    PDF Password Cracker

o    Abcom PDF Password Cracker

o    Password Mitigation

o    Permanent Account Lockout-Employee Privilege Abuse

o    Administrator Password Guessing

         Manual Password cracking Algorithm

         Automatic Password Cracking Algorithm

o    Performing Automated Password Guessing

         Tool: NAT

         Smbbf (SMB Passive Brute Force Tool)

         SmbCrack Tool: Legion

         Hacking Tool: L0phtcrack

o    Microsoft Authentication

         LM, NTLMv1, and NTLMv2

         NTLM And LM Authentication On The Wire

         Kerberos Authentication

         What is LAN Manager Hash?

  LM “Hash” Generation

  LM Hash


         PWdump2 and Pwdump3

         Tool: Rainbowcrack

         Hacking Tool: KerbCrack

         Hacking Tool: NBTDeputy

         NetBIOS DoS Attack

         Hacking Tool: John the Ripper

o    Password Sniffing

o    How to Sniff SMB Credentials?

o    SMB Replay Attacks

o    Replay Attack Tool: SMBProxy

o    SMB Signing

o    Tool: LCP

o    Tool: SID&User

o    Tool: Ophcrack 2

o    Tool: Crack

o    Tool: Access PassView

o    Tool: Asterisk Logger

o    Tool: CHAOS Generator

o    Tool: Asterisk Key

o    Password Recovery Tool: MS Access Database Password Decoder

o    Password Cracking Countermeasures

o    Do Not Store LAN Manager Hash in SAM Database

o    LM Hash Backward Compatibility

o    How to Disable LM HASH

o    Password Brute-Force Estimate Tool

o    Syskey Utility

o    AccountAudit

  • Part2-Escalating Privileges

o    CEH Hacking Cycle

o    Privilege Escalation

o    Cracking NT/2000 passwords

o    Active@ Password Changer

         Change Recovery Console Password  - Method 1

         Change Recovery Console Password -  Method 2

o    Privilege Escalation Tool: x.exe

  • Part3-Executing applications

o    CEH Hacking Cycle

o    Tool: psexec

o    Tool: remoexec

o    Ras N Map

o    Tool: Alchemy Remote Executor

o    Emsa FlexInfo Pro

o    Keystroke Loggers

o    E-mail Keylogger

o    Revealer Keylogger Pro

o    Handy Keylogger

o    Ardamax Keylogger

o    Powered Keylogger

o    Quick Keylogger

o    Spy-Keylogger

o    Perfect Keylogger

o    Invisible Keylogger

o    Actual Spy

o    SpyToctor FTP Keylogger

o    IKS Software Keylogger

o    Ghost Keylogger

o    Hacking Tool: Hardware Key Logger

o    What is Spyware?

o    Spyware: Spector

o    Remote Spy

o    Spy Tech Spy Agent

o    007 Spy Software

o    Spy Buddy

o    Ace Spy

o    Keystroke Spy

o    Activity Monitor

o    Hacking Tool: eBlaster

o    Stealth Voice Recorder

o    Stealth Keylogger

o    Stealth Website Logger

o    Digi Watcher Video Surveillance

o    Desktop Spy Screen Capture Program

o    Telephone Spy

o    Print Monitor Spy Tool

o    Stealth E-Mail Redirector

o    Spy Software: Wiretap Professional

o    Spy Software: FlexiSpy

o    PC PhoneHome

o    Keylogger Countermeasures

o    Anti Keylogger

o    Advanced Anti Keylogger

o    Privacy Keyboard

o    Spy Hunter - Spyware Remover

o    Spy Sweeper

o    Spyware Terminator

o    WinCleaner AntiSpyware

  • Part4-Hiding files

o    CEH Hacking Cycle

o    Hiding Files

o    RootKits

         Why rootkits

         Hacking Tool:  NT/2000 Rootkit

         Planting the NT/2000 Rootkit

         Rootkits in Linux

         Detecting Rootkits

         Steps for Detecting Rootkits

         Rootkit Detection Tools

         Sony Rootkit Case Study

         Rootkit: Fu

         AFX Rootkit

         Rootkit: Nuclear

         Rootkit: Vanquish

         Rootkit Countermeasures



o    Creating Alternate Data Streams

o    How to Create NTFS Streams?

         NTFS Stream Manipulation

         NTFS Streams Countermeasures

         NTFS Stream Detectors (ADS Spy and ADS Tools)

         Hacking Tool: USB Dumper

o    What is Steganography?

         Steganography Techniques

Least Significant Bit Insertion in Image files

Process of Hiding Information in Image Files

Masking and Filtering in Image files

Algorithms and transformation

         Tool: Merge Streams

         Invisible Folders

         Tool: Invisible Secrets

         Tool: Image Hide

         Tool: Stealth Files

         Tool: Steganography

         Masker Steganography Tool

         Hermetic Stego

         DCPP – Hide an Operating System

         Tool: Camera/Shy

         Tool: Mp3Stego

         Tool: Snow.exe

         Steganography Tool: Fort Knox

         Steganography Tool: Blindside

         Steganography Tool: S- Tools

         Steganography Tool: Steghide

         Tool: Steganos

         Steganography Tool: Pretty Good Envelope

         Tool: Gifshuffle

         Tool: JPHIDE and JPSEEK

         Tool: wbStego

         Tool: OutGuess

         Tool: Data Stash

         Tool: Hydan

         Tool: Cloak

         Tool: StegoNote

         Tool: Stegomagic

         Steganos Security Suite

         C Steganography



         Video Steganography

         Case Study: Al-Qaida Members Distributing Propaganda to Volunteers Using Steganography


         Steganalysis Methods/Attacks on Steganography



         High-Level View

         Tool: dskprobe.exe

         Stego Watch- Stego Detection Tool


  • Part5-Covering Tracks

o    CEH Hacking Cycle

o    Covering Tracks

o    Disabling Auditing

o    Clearing the Event Log

o    Tool: elsave.exe

o    Hacking Tool: Winzapper

o    Evidence Eliminator

o    Tool: Traceless

o    Tool: Tracks Eraser Pro

o    Armor Tools

o    Tool: ZeroTracks

o    PhatBooster

Module 8: Trojans and Backdoors

  • Effect on Business
  • What is a Trojan?

o    Overt and Covert Channels

o    Working of Trojans

o    Different Types of Trojans

  Remote Access Trojans

  Data-Sending Trojans

  Destructive Trojans

  Denial-of-Service (DoS) Attack Trojans

  Proxy Trojans

  FTP Trojans

  Security Software Disablers

o    What do Trojan Creators Look for?

o    Different Ways a Trojan can Get into a System

  • Indications of a Trojan Attack
  • Ports Used by Trojans

o    How to Determine which Ports are Listening

  • Trojans

o    Trojan: iCmd

o  MoSucker Trojan

o  Proxy Server Trojan

o  SARS Trojan Notification

o  Wrappers

o  Wrapper Covert Program

o  Wrapping Tools

o  One Exe Maker / YAB / Pretator Wrappers

o  Packaging Tool: WordPad

o  RemoteByMail

o  Tool: Icon Plus

o  Defacing Application: Restorator

o  Tetris

o  HTTP Trojans

o  Trojan Attack through Http

o  HTTP Trojan (HTTP RAT)

o  Shttpd Trojan - HTTP Server

o  Reverse Connecting Trojans

o  Nuclear RAT Trojan (Reverse Connecting)

o  Tool: BadLuck Destructive Trojan

o  ICMP Tunneling

o  ICMP Backdoor Trojan

o  Microsoft Network Hacked by QAZ Trojan

o  Backdoor.Theef (AVP)

o  T2W (TrojanToWorm)

o  Biorante RAT

o  DownTroj

o  Turkojan

o  Trojan.Satellite-RAT

o  Yakoza

o  DarkLabel B4

o  Trojan.Hav-Rat

o  Poison Ivy

o  Rapid Hacker

o  SharK

o  HackerzRat

o  TYO

o  1337 Fun Trojan

o  Criminal Rat Beta

o  VicSpy

o    Optix PRO

o    ProAgent

o    OD Client

o    AceRat

o    Mhacker-PS

o    RubyRAT Public

o    SINner

o    ConsoleDevil

o    ZombieRat

o    FTP Trojan - TinyFTPD

o    VNC Trojan

o    Webcam Trojan

o    DJI RAT

o    Skiddie Rat

o    Biohazard RAT

o    Troya

o    ProRat

o    Dark Girl

o    DaCryptic

o    Net-Devil

  • Classic Trojans Found in the Wild

o    Trojan: Tini

o    Trojan: NetBus

o    Trojan: Netcat

o    Netcat Client/Server

o    Netcat Commands

o    Trojan: Beast

o    Trojan: Phatbot

o    Trojan: Amitis

o    Trojan: Senna Spy

o    Trojan: QAZ

o    Trojan: Back Orifice 

o    Trojan: Back Orifice 2000

o    Back Orifice Plug-ins

o    Trojan: SubSeven 

o    Trojan: CyberSpy Telnet Trojan

o    Trojan: Subroot Telnet Trojan

o    Trojan: Let Me Rule! 2.0 BETA 9

o    Trojan: Donald Dick

    • Trojan: RECUB 
  • Hacking Tool: Loki
  • Loki Countermeasures
  • Atelier Web Remote Commander
  • Trojan Horse Construction Kit
  • How to Detect Trojans?

o    Netstat

o    fPort

o    TCPView

o    CurrPorts Tool

o    Process Viewer

o    Delete Suspicious Device Drivers

o    Check for Running Processes: What’s on My Computer

o    Super System Helper Tool

o    Inzider-Tracks Processes and Ports

o    Tool: What’s Running

o    MS Configuration Utility

o    Registry- What’s Running

o    Autoruns

o    Hijack This (System Checker)

o    Startup List

  • Anti-Trojan Software


  Comodo BOClean

  Trojan Remover: XoftspySE

  Trojan Remover: Spyware Doctor


  • Evading Anti-Virus Techniques
  • Sample Code for Trojan Client/Server
  • Evading Anti-Trojan/Anti-Virus using Stealth Tools
  • Backdoor Countermeasures
  • Tripwire
  • System File Verification
  • MD5 Checksum.exe
  • Microsoft Windows Defender
  • How to Avoid a Trojan Infection

Module 9: Viruses and Worms

  • Virus History
  • Characteristics of Virus
  • Working of Virus

o    Infection Phase

o    Attack Phase

  • Why people create Computer Viruses
  • Symptoms of a Virus-like Attack
  • Virus Hoaxes
  • Chain Letters
  • How is a Worm Different from a Virus
  • Indications of a Virus Attack
  • Hardware Threats
  • Software Threats
  • Virus Damage

  Mode of Virus Infection

  • Stages of Virus Life
  • Virus Classification
  • How Does a Virus Infect?
  • Storage Patterns of Virus

o    System Sector virus

o    Stealth Virus

o    Bootable CD-Rom Virus

         Self -Modification

         Encryption with a Variable Key

o    Polymorphic Code

o    Metamorphic Virus

o    Cavity Virus

o    Sparse Infector Virus

o    Companion Virus

o    File Extension Virus

  • Famous Virus/Worms – I Love You Virus
  • Famous Virus/Worms – Melissa
  • Famous Virus/Worms – JS/Spth
  • Klez Virus Analysis
  • Latest Viruses
  • Top 10 Viruses- 2008

o    Virus: Win32.AutoRun.ah

o    Virus: W32/Virut

o    Virus: W32/Divvi

o    Worm.SymbOS.Lasco.a

o    Disk Killer

o    Bad Boy

o    HappyBox

o    Java.StrangeBrew

o    MonteCarlo Family

o    PHP.Neworld

o    W32/WBoy.a

o    ExeBug.d

o    W32/Voterai.worm.e

o    W32/Lecivio.worm

o    W32/Lurka.a

o    W32/Vora.worm!p2p

  • Writing a Simple Virus Program
  • Virus Construction Kits
  • Virus Detection Methods
  • Virus Incident Response
  • What is Sheep Dip?
  • Virus Analysis – IDA Pro Tool
  • Prevention is better than Cure
  • Anti-Virus Software

o    AVG Antivirus

o    Norton Antivirus

o    McAfee

o    Socketshield

o    BitDefender

o    ESET Nod32

o    CA Anti-Virus

o    F-Secure Anti-Virus

o    Kaspersky Anti-Virus

o    F-Prot Antivirus

o    Panda Antivirus Platinum

o    avast! Virus Cleaner

o    ClamWin

o    Norman Virus Control

  • Popular Anti-Virus Packages
  • Virus Databases

Module 10: Sniffers

  • Definition - Sniffing
  • Protocols Vulnerable to Sniffing
  • Tool: Network View – Scans the Network for Devices
  • The Dude Sniffer
  • Wireshark
  • Display Filters in Wireshark
  • Following the TCP Stream in Wireshark
  • Cain and Abel
  • Tcpdump
  • Tcpdump Commands
  • Types of Sniffing

o    Passive Sniffing

o    Active Sniffing

  • What is ARP

o    ARP Spoofing Attack

o    How does ARP Spoofing Work

o    ARP Poisoning

o    MAC Duplicating

o    MAC Duplicating Attack

o    Tools for ARP Spoofing



o    MAC Flooding

         Tools for MAC Flooding

  Linux Tool: Macof

  Windows Tool: Etherflood

o    Threats of ARP Poisoning

o    Irs-Arp Attack Tool

o    ARPWorks Tool

o    Tool: Nemesis

o    IP-based sniffing

  • Linux Sniffing Tools (dsniff package)

o    Linux tool: Arpspoof

o    Linux Tool: Dnsspoof

o    Linux Tool: Dsniff

o    Linux Tool: Filesnarf

o    Linux Tool: Mailsnarf

o    Linux Tool: Msgsnarf

o    Linux Tool: Sshmitm

o    Linux Tool: Tcpkill

o    Linux Tool: Tcpnice

o    Linux Tool: Urlsnarf

o    Linux Tool: Webspy

o    Linux Tool: Webmitm

  • DNS Poisoning Techniques

o    Intranet DNS Spoofing (Local Network)

o    Internet DNS Spoofing (Remote Network)

o    Proxy Server DNS Poisoning

o    DNS Cache Poisoning

  • Interactive TCP Relay
  • Interactive Replay Attacks
  • Raw Sniffing Tools
  • Features of Raw Sniffing Tools

o    HTTP Sniffer: EffeTech

o    Ace Password Sniffer

o    Win Sniffer

o    MSN Sniffer

o    SmartSniff

o    Session Capture Sniffer: NetWitness

o    Session Capture Sniffer: NWreader

o    Packet Crafter Craft Custom TCP/IP Packets

o    SMAC

o    NetSetMan Tool

o    Ntop

o    EtherApe

o    Network Probe

o    Maa Tec Network Analyzer

o    Tool: Snort

o    Tool: Windump

o    Tool: Etherpeek

o    NetIntercept

o    Colasoft EtherLook

o    AW Ports Traffic Analyzer

o    Colasoft Capsa Network Analyzer

o    CommView

o    Sniffem

o    NetResident

o    IP Sniffer

o    Sniphere

o    IE HTTP Analyzer

o    BillSniff

o    URL Snooper

o    EtherDetect Packet Sniffer

o    EffeTech HTTP Sniffer

o    AnalogX Packetmon

o    Colasoft MSN Monitor

o    IPgrab

o    EtherScan Analyzer

  • How to Detect Sniffing
  • Countermeasures

o    Antisniff Tool

o    Arpwatch Tool

o    PromiScan

o    proDETECT

Module 11: Social Engineering

  • What is Social Engineering?
  • Human Weakness
  • “Rebecca” and “Jessica”
  • Office Workers
  • Types of Social Engineering

o    Human-Based Social Engineering

         Technical Support Example

         More Social Engineering Examples

         Human-Based Social Engineering: Eavesdropping

         Human-Based Social Engineering: Shoulder Surfing

         Human-Based Social Engineering: Dumpster Diving

         Dumpster Diving Example

         Oracle Snoops Microsoft’s Trash Bins

         Movies to Watch for Reverse Engineering

o    Computer Based Social Engineering

o    Insider Attack

o    Disgruntled Employee

o    Preventing Insider Threat

o    Common Targets of Social Engineering

  Social Engineering Threats

o    Online

o    Telephone

o    Personal approaches

o    Defenses Against Social Engineering Threats

  Factors that make Companies Vulnerable to Attacks

  Why is Social Engineering Effective

  Warning Signs of an Attack

  Tool: Netcraft Anti-Phishing Toolbar

  Phases in a Social Engineering Attack

  Behaviors Vulnerable to Attacks

  Impact on the Organization


  Policies and Procedures

  Security Policies - Checklist

  Impersonating Orkut, Facebook, MySpace


  Impersonating on Orkut

  MW.Orc worm


  Impersonating on Facebook


  Impersonating on MySpace

  How to Steal Identity



  Identity Theft

Module 12: Phishing



  Reasons for Successful Phishing

  Phishing Methods

  Process of Phishing

  Types of Phishing Attacks

o    Man-in-the-Middle Attacks

o    URL Obfuscation Attacks

o    Cross-site Scripting Attacks

o    Hidden Attacks

o    Client-side Vulnerabilities

o    Deceptive Phishing

o    Malware-Based Phishing

o    DNS-Based Phishing

o    Content-Injection Phishing

o    Search Engine Phishing

  Phishing Statistics: Feb’ 2008


  Anti-Phishing Tools

o    PhishTank SiteChecker

o    NetCraft

o    GFI MailEssentials

o    SpoofGuard

o    Phishing Sweeper Enterprise

o    TrustWatch Toolbar

o    ThreatFire

o    GralicWrap

o    Spyware Doctor

o    Track Zapper Spyware-Adware Remover

o    AdwareInspector


Module 13: Hacking Email Accounts

  • Ways for Getting Email Account Information
  • Stealing Cookies
  • Social Engineering
  • Password Phishing
  • Fraudulent e-mail Messages
  • Vulnerabilities
    • Web Email
    • Reaper Exploit
  • Tool: Advanced Stealth Email Redirector
  • Tool: Mail PassView
  • Tool: Email Password Recovery Master
  • Tool: Mail Password
  • Email Finder Pro
  • Email Spider Easy
  • Kernel Hotmail MSN Password Recovery
  • Retrieve Forgotten Yahoo Password
  • MegaHackerZ
  • Hack Passwords
  • Creating Strong Passwords
  • Creating Strong Passwords: Change Password
  • Creating Strong Passwords: Trouble Signing In
  • Sign-in Seal
  • Alternate Email Address
  • Keep Me Signed In/ Remember Me
  • Tool: Email Protector    
  • Tool: Email Security
  • Tool: EmailSanitizer
  • Tool: SuperSecret

Module 14: Denial-of-Service

  • Real World Scenario of DoS Attacks
  • What are Denial-of-Service Attacks
  • Goal of DoS
  • Impact and the Modes of Attack
  • Types of Attacks
  • DoS Attack Classification

o    Smurf Attack

o    Buffer Overflow Attack

o    Ping of Death Attack

o    Teardrop Attack

o    SYN Attack

o    SYN Flooding

o    DoS Attack Tools

o    DoS Tool: Jolt2

o    DoS Tool: Bubonic.c

o    DoS Tool: Land and LaTierra

o    DoS Tool: Targa

o    DoS Tool: Blast

o    DoS Tool: Nemesy

o    DoS Tool: Panther2

o    DoS Tool: Crazy Pinger

o    DoS Tool: SomeTrouble

o    DoS Tool: UDP Flood

o    DoS Tool: FSMax

  • Bot (Derived from the Word RoBOT)
  • Botnets
  • Uses of Botnets
  • Types of Bots
  • How Do They Infect? Analysis Of Agabot
  • How Do They Infect
  • Tool: Nuclear Bot
  • What is DDoS Attack
  • Characteristics of DDoS Attacks
  • DDoS Unstoppable
  • Agent Handler Model
  • DDoS IRC based Model
  • DDoS Attack Taxonomy
  • Amplification Attack
  • Reflective DNS Attacks
  • Reflective DNS Attacks Tool:
  • DDoS Tools

o    DDoS Tool: Trinoo

o    DDoS Tool: Tribal Flood Network

o    DDoS Tool: TFN2K

o    DDoS Tool: Stacheldraht

o    DDoS Tool: Shaft

o    DDoS Tool: Trinity

o    DDoS Tool: Knight and Kaiten

o    DDoS Tool: Mstream

  • Worms
  • Slammer Worm
  • Spread of Slammer Worm – 30 min
  • MyDoom.B
  • SCO Against MyDoom Worm
  • How to Conduct a DDoS Attack
  • The Reflected DoS Attacks
  • Reflection of the Exploit
  • Countermeasures for Reflected DoS
  • DDoS Countermeasures
  • Taxonomy of DDoS Countermeasures
  • Preventing Secondary Victims
  • Detect and Neutralize Handlers
  • Detect Potential Attacks
  • DoSHTTP Tool
  • Mitigate or Stop the Effects of DDoS Attacks
  • Deflect Attacks
  • Post-attack Forensics
  • Packet Traceback

Module 15: Session Hijacking

  • What is Session Hijacking?
  • Spoofing vs. Hijacking
  • Steps in Session Hijacking
  • Types of Session Hijacking
  • Session Hijacking Levels
  • Network Level Hijacking
  • The 3-Way Handshake
  • TCP Concepts 3-Way Handshake
  • Sequence Numbers
  • Sequence Number Prediction
  • TCP/IP hijacking
  • IP Spoofing: Source Routed Packets
  • RST Hijacking

o    RST Hijacking Tool:

  • Blind Hijacking
  • Man in the Middle: Packet Sniffer
  • UDP Hijacking
  • Application Level Hijacking
  • Programs that Perform Session Hacking

o    Juggernaut

o    Hunt

o    TTY-Watcher

o    IP watcher

o    Session Hijacking Tool: T-Sight

o    Remote TCP Session Reset Utility (SOLARWINDS)

o    Paros HTTP Session Hijacking Tool

o    Dnshijacker Tool

o    Hjksuite Tool

  • Dangers that Hijacking Poses
  • Protecting against Session Hijacking
  • Countermeasures: IPSec

Module 16: Hacking Web Servers

  • How Web Servers Work
  • How are Web Servers Compromised
  • Web Server Defacement

o    How are Servers Defaced

  • Apache Vulnerability
  • Attacks against IIS

o    IIS Components

o    IIS Directory Traversal (Unicode) Attack

  • Unicode

o    Unicode Directory Traversal Vulnerability

  • Hacking Tool

o    Hacking Tool: IISxploit.exe

o    Msw3prt IPP Vulnerability

o    RPC DCOM Vulnerability

o    ASP Trojan

o    IIS Logs

o    Network Tool: Log Analyzer

o    Hacking Tool: CleanIISLog

o    IIS Security Tool: Server Mask 

o    ServerMask ip100

o    Tool: CacheRight

o    Tool: CustomError

o    Tool: HttpZip

o    Tool: LinkDeny

o    Tool: ServerDefender AI

o    Tool: ZipEnable

o    Tool: w3compiler

o    Yersinia

  • Tool: Metasploit Framework
  • Tool: Immunity CANVAS Professional
  • Tool: Core Impact
  • Tool: MPack
  • Tool: Neosploit
  • Hotfixes and Patches
  • What is Patch Management
  • Patch Management Checklist

o    Solution: UpdateExpert

o    Patch Management Tool: qfecheck

o    Patch Management Tool: HFNetChk

o    cacls.exe utility

o    Shavlik NetChk Protect

o    Kaseya Patch Management

o    IBM Tivoli Configuration Manager

o    LANDesk Patch Manager

o    BMC Patch Manager

o    ConfigureSoft Enterprise Configuration Manager (ECM)

o    BladeLogic Configuration Manager

o    Opsware Server Automation System (SAS)

o    Best Practices for Patch Management

  • Vulnerability Scanners
  • Online Vulnerability Search Engine
  • Network Tool: Whisker
  • Network Tool: N-Stealth HTTP Vulnerability Scanner
  • Hacking Tool: WebInspect
  • Network Tool: Shadow Security Scanner
  • Secure IIS

o    ServersCheck Monitoring

o    GFI Network Server Monitor

o    Servers Alive

o    Webserver Stress Tool

o    Monitoring Tool: Secunia PSI

  • Countermeasures
  • Increasing Web Server Security
  • Web Server Protection Checklist

Module 17: Web Application Vulnerabilities

  • Web Application Setup
  • Web Application Hacking
  • Anatomy of an Attack
  • Web Application Threats
  • Cross-Site Scripting/XSS Flaws

o    An Example of XSS

o    Countermeasures

  • SQL Injection
  • Command Injection Flaws

o    Countermeasures

  • Cookie/Session Poisoning

o    Countermeasures

  • Parameter/Form Tampering
  • Hidden Field at
  • Buffer Overflow

o    Countermeasures

  • Directory Traversal/Forceful Browsing

o    Countermeasures

  • Cryptographic Interception
  • Cookie Snooping
  • Authentication Hijacking

o    Countermeasures

  • Log Tampering
  • Error Message Interception
  • Attack Obfuscation
  • Platform Exploits
  • DMZ Protocol Attacks

o    Countermeasures

  • Security Management Exploits

o    Web Services Attacks

o    Zero-Day Attacks

o    Network Access Attacks

  • TCP Fragmentation
  • Hacking Tools

o    Instant Source

o    Wget

o    WebSleuth

o    BlackWidow

o    SiteScope Tool

o    WSDigger Tool – Web Services Testing Tool

o    CookieDigger Tool

o    SSLDigger Tool

o    SiteDigger Tool

o    WindowBomb

o    Burp: Positioning Payloads

o    Burp: Configuring Payloads and Content Enumeration

o    Burp: Password Guessing

o    Burp Proxy

o    Burpsuite

o    Hacking Tool: cURL

o    dotDefender

o    Acunetix Web Scanner

o    AppScan – Web Application Scanner

o    AccessDiver

o    Tool: Falcove Web Vulnerability Scanner

o    Tool: NetBrute

o    Tool: Emsa Web Monitor

o    Tool: KeepNI

o    Tool: Parosproxy

o    Tool: WebScarab

o    Tool: Watchfire AppScan

o    Tool: WebWatchBot

o    Tool: Mapper


Module 18: Web-Based Password Cracking Techniques

  • Authentication - Definition
  • Authentication Mechanisms

o    HTTP Authentication

         Basic Authentication

         Digest Authentication

o    Integrated Windows (NTLM) Authentication

o    Negotiate Authentication

o    Certificate-based Authentication

o    Forms-based Authentication

o    RSA SecurID Token

o    Biometrics Authentication

         Types of Biometrics Authentication

  Fingerprint-based Identification

  Hand Geometry-based Identification

  Retina Scanning

  Afghan Woman Recognized After 17 Years

  Face Recognition

  Face Code: WebCam Based Biometrics Authentication System

  • Bill Gates at the RSA Conference 2006
  • How to Select a Good Password
  • Things to Avoid in Passwords
  • Changing Your Password
  • Protecting Your Password
  • Examples of Bad Passwords
  • The “Mary Had A Little Lamb” Formula
  • How Hackers Get Hold of Passwords
  • Windows XP: Remove Saved Passwords
  • What is a Password Cracker
  • Modus Operandi of an Attacker Using a Password Cracker
  • How Does a Password Cracker Work
  • Attacks - Classification

o    Password Guessing

o    Query String

o    Cookies

o    Dictionary Maker

  • Password Crackers Available

o    L0phtCrack (LC4)

o    John the Ripper

o    Brutus

o    ObiWaN

o    Authforce

o    Hydra

o    Cain & Abel

o    RAR

o    Gammaprog

o    WebCracker

o    Munga Bunga

o    PassList

o    SnadBoy

o    MessenPass

o    Wireless WEP Key Password Spy

o    RockXP

o    Password Spectator Pro

o    Passwordstate

o    Atomic Mailbox Password Cracker

o    Advanced Mailbox Password Recovery (AMBPR)

o    Tool: Network Password Recovery

o    Tool: Mail PassView

o    Tool: Messenger Key

o    Tool: SniffPass

o    WebPassword

o    Password Administrator

o    Password Safe

o    Easy Web Password

o    PassReminder

o    My Password Manager

  • Countermeasures


Module 19: SQL Injection

  • What is SQL Injection
  • Exploiting Web Applications
  • Steps for performing SQL injection
  • What You Should Look For
  • What If It Doesn’t Take Input
  • OLE DB Errors
  • Input Validation Attack
  • SQL injection Techniques
  • How to Test for SQL Injection Vulnerability
  • How Does It Work
  • BadLogin.aspx.cs
  • BadProductList.aspx.cs 
  • Executing Operating System Commands
  • Getting Output of SQL Query
  • Getting Data from the Database Using ODBC Error Message
  • How to Mine all Column Names of a Table
  • How to Retrieve any Data
  • How to Update/Insert Data into Database
  • SQL Injection in Oracle
  • SQL Injection in MySql Database
  • Attacking Against SQL Servers
  • SQL Server Resolution Service (SSRS)
  • Osql -L Probing
  • SQL Injection Automated Tools
  • Automated SQL Injection Tool: AutoMagic SQL
  • Absinthe Automated SQL Injection Tool

o    Hacking Tool: SQLDict

o    Hacking Tool: SQLExec

o    SQL Server Password Auditing Tool: sqlbf

o    Hacking Tool: SQLSmack

o    Hacking Tool: SQL2.exe

o    sqlmap

o    sqlninja

o    SQLIer

o    Automagic SQL Injector

o    Absinthe

  • Blind SQL Injection

o    Blind SQL Injection: Countermeasure

o    Blind SQL Injection Schema

  • SQL Injection Countermeasures
  • Preventing SQL Injection Attacks
  • GoodLogin.aspx.cs
  • SQL Injection Blocking Tool: SQL Block
  • Acunetix Web Vulnerability Scanner

Module 20: Hacking Wireless Networks

  Introduction to Wireless

o    Introduction to Wireless Networking

o    Wired Network vs. Wireless Network

o    Effects of Wireless Attacks on Business

o    Types of Wireless Network

o    Advantages and Disadvantages of a Wireless Network

  Wireless Standards

o    Wireless Standard: 802.11a

o    Wireless Standard: 802.11b – “WiFi”

o    Wireless Standard: 802.11g

o    Wireless Standard: 802.11i

o    Wireless Standard: 802.11n

  Wireless Concepts and Devices

o    Related Technology and Carrier Networks

o    Antennas

o    Cantenna –

o    Wireless Access Points

o    SSID

o    Beacon Frames

o    Is the SSID a Secret

o    Setting up a WLAN

o    Authentication and Association

o    Authentication Modes

o    The 802.1X Authentication Process

     WEP and WPA

o    Wired Equivalent Privacy (WEP)

o    WEP Issues

o    WEP - Authentication Phase

o    WEP - Shared Key Authentication   

o    WEP - Association Phase

o    WEP Flaws

o    What is WPA

o    WPA Vulnerabilities 

o    WEP, WPA, and WPA2

o    WPA2 Wi-Fi Protected Access 2

  Attacks and Hacking Tools

o    Terminologies

o    WarChalking

o    Authentication and (Dis) Association Attacks

o    WEP Attack

o    Cracking WEP

o    Weak Keys (a.k.a. Weak IVs)

o    Problems with WEP’s Key Stream and Reuse

o    Automated WEP Crackers

o    Pad-Collection Attacks

o    XOR Encryption

o    Stream Cipher

o    WEP Tool: Aircrack

o    Aircrack-ng

o    WEP Tool: AirSnort

o    WEP Tool: WEPCrack

o    WEP Tool: WepLab

o    Attacking WPA Encrypted Networks

o    Attacking WEP with WEPCrack on Windows using Cygwin

o    Attacking WEP with WEPCrack on Windows using PERL Interpreter

o    Tool: Wepdecrypt

o    WPA-PSK Cracking Tool: CowPatty

o    802.11 Specific Vulnerabilities

o    Evil Twin: Attack

o    Rogue Access Points

o    Tools to Generate Rogue Access Points: Fake AP

o    Tools to Detect Rogue Access Points: Netstumbler

o    Tools to Detect Rogue Access Points: MiniStumbler

o    ClassicStumbler

o    AirFart

o    AP Radar

o    Hotspotter

o    Cloaked Access Point

o    WarDriving Tool: shtumble

o    Temporal Key Integrity Protocol (TKIP) 

o    LEAP: The Lightweight Extensible Authentication Protocol

o    LEAP Attacks

o    LEAP Attack Tool: ASLEAP

o    Working of ASLEAP

o    MAC Sniffing and AP Spoofing

o    Defeating MAC Address Filtering in Windows

o    Manually Changing the MAC Address in Windows XP and 2000

o    Tool to Detect MAC Address Spoofing: Wellenreiter

o    Man-in-the-Middle Attack (MITM)

o    Denial-of-Service Attacks

o    DoS Attack Tool: Fatajack

o    Hijacking and Modifying a Wireless Network

o    Phone Jammers

o    Phone Jammer: Mobile Blocker

o    Pocket Cellular Style Cell Phone Jammer

o    2.4GHz Wi-Fi & Wireless Camera Jammer

o    3 Watt Digital Cell Phone Jammer

o    3 Watt Quad Band Digital Cellular Mobile Phone Jammer

o    20W Quad Band Digital Cellular Mobile Phone Jammer

o    40W Digital Cellular Mobile Phone Jammer

o    Detecting a Wireless Network

  Scanning Tools

o    Scanning Tool: Kismet

o    Scanning Tool: Prismstumbler

o    Scanning Tool: MacStumbler

o    Scanning Tool: Mognet V1.16

o    Scanning Tool: WaveStumbler

o    Scanning Tool: Netchaser V1.0 for Palm Tops

o    Scanning Tool: AP Scanner

o    Scanning Tool: Wavemon

o    Scanning Tool: Wireless Security Auditor (WSA)

o    Scanning Tool: AirTraf

o    Scanning Tool: WiFi Finder

o    Scanning Tool: WifiScanner

o    eEye Retina WiFi

o    Simple Wireless Scanner

o    wlanScanner

  Sniffing Tools

o    Sniffing Tool: AiroPeek

o    Sniffing Tool: NAI Wireless Sniffer

o    MAC Sniffing Tool: WireShark

o    Sniffing Tool: vxSniffer

o    Sniffing Tool: Etherpeg

o    Sniffing Tool: Driftnet

o    Sniffing Tool: AirMagnet

o    Sniffing Tool: WinDump

o    Sniffing Tool: Ssidsniff

o    Multiuse Tool: THC-RUT

o    Tool: WinPcap

o    Tool: AirPcap

o    AirPcap: Example Program from the Developer's Pack

o    Microsoft Network Monitor

  Hacking Wireless Networks

o    Steps for Hacking Wireless Networks

o    Step 1: Find Networks to Attack

o    Step 2: Choose the Network to Attack

o    Step 3: Analyzing the Network

o    Step 4: Cracking the WEP Key

o    Step 5: Sniffing the Network

  Wireless Security

o    WIDZ: Wireless Intrusion Detection System

o    Radius: Used as Additional Layer in Security

o    Securing Wireless Networks

o    Wireless Network Security Checklist

o    WLAN Security: Passphrase

o    Don’ts in Wireless Security

  Wireless Security Tools

o    WLAN Diagnostic Tool: CommView for WiFi PPC

o    WLAN Diagnostic Tool: AirMagnet Handheld Analyzer

o    Auditing Tool: BSD-Airtools

o    AirDefense Guard  (

o    Google Secure Access

o    Tool: RogueScanner

Module 21: Physical Security

  • Security Facts
  • Understanding Physical Security
  • Physical Security
  • What Is the Need for Physical Security
  • Who Is Accountable for Physical Security
  • Factors Affecting Physical Security
  • Physical Security Checklist

o    Physical Security Checklist -Company surroundings

o    Gates

o    Security Guards

o    Physical Security Checklist: Premises

o    CCTV Cameras

o    Reception

o    Server Room

o    Workstation Area

o    Wireless Access Point

o    Other Equipment

o    Access Control

         Biometric Devices

         Biometric Identification Techniques

          Authentication Mechanisms

         Authentication Mechanism Challenges: Biometrics

         Faking Fingerprints

         Smart cards

         Security Token

         Computer Equipment Maintenance


         Remote Access

         Lapse of Physical Security


  Lock Picking

  Lock Picking Tools

  • Information Security
  • EPS (Electronic Physical Security)
  • Wireless Security
  • Laptop Theft Statistics for 2007
  • Statistics for Stolen and Recovered Laptops
  • Laptop Theft
  • Laptop theft: Data Under Loss
  • Laptop Security Tools
  • Laptop Tracker - XTool Computer Tracker
  • Tools to Locate Stolen Laptops
  • Stop's Unique, Tamper-proof Patented Plate
  • Tool: TrueCrypt
  • Laptop Security Countermeasures
  • Mantrap
  • Challenges in Ensuring Physical Security
  • Spyware Technologies
  • Spying Devices
  • Physical Security: Lock Down USB Ports
  • Tool: DeviceLock 
  • Blocking the Use of USB Storage Devices
  • Track Stick GPS Tracking Device

Module 22: Linux Hacking

  Why Linux

  Linux Distributions

  Linux Live CD-ROMs

  Basic Commands of Linux: Files & Directories

  Linux Basic

o    Linux File Structure

o    Linux Networking Commands

  • Directories in Linux
  • Installing, Configuring, and Compiling Linux Kernel
  • How to Install a Kernel Patch
  • Compiling Programs in Linux
  • GCC Commands
  • Make Files
  • Make Install Command
  • Linux Vulnerabilities
  • Chrooting
  • Why is Linux Hacked
  • How to Apply Patches to Vulnerable Programs
  • Scanning Networks
  • Nmap in Linux
  • Scanning Tool: Nessus
  • Port Scan Detection Tools
  • Password Cracking in Linux: Xcrack
  • Firewall in Linux: IPTables
  • IPTables Command
  • Basic Linux Operating System Defense
  • SARA (Security Auditor's Research Assistant)
  • Linux Tool: Netcat
  • Linux Tool: tcpdump
  • Linux Tool: Snort
  • Linux Tool: SAINT
  • Linux Tool: Wireshark
  • Linux Tool: Abacus Port Sentry
  • Linux Tool: DSniff Collection
  • Linux Tool: Hping2
  • Linux Tool: Sniffit
  • Linux Tool: Nemesis
  • Linux Tool: LSOF
  • Linux Tool: IPTraf
  • Linux Tool: LIDS
  • Hacking Tool: Hunt
  • Tool: TCP Wrappers
  • Linux Loadable Kernel Modules
  • Hacking Tool: Linux Rootkits
  • Rootkits: Knark & Torn
  • Rootkits: Tuxit, Adore, Ramen
  • Rootkit: Beastkit
  • Rootkit Countermeasures
  • ‘chkrootkit’ detects the following Rootkits
  • Linux Tools: Application Security
  • Advanced Intrusion Detection Environment (AIDE)
  • Linux Tools: Security Testing Tools
  • Linux Tools: Encryption
  • Linux Tools: Log and Traffic Monitors
  • Linux Security Auditing Tool (LSAT)
  • Linux Security Countermeasures
  • Steps for Hardening Linux

Module 23: Evading IDS, Firewalls and Detecting Honey Pots

  Introduction to Intrusion Detection System


  Intrusion Detection System (IDS)

o    IDS Placement

o    Ways to Detect an Intrusion

o    Types of Intrusion Detection Systems

o    System Integrity Verifiers (SIVS)

o    Tripwire

o    Cisco Security Agent (CSA)

o    True/False, Positive/Negative

o    Signature Analysis

o    General Indication of Intrusion: System Indications

o    General Indication of Intrusion: File System Indications

o    General Indication of Intrusion: Network Indications

o    Intrusion Detection Tools


         Running Snort on Windows 2003

         Snort Console

         Testing Snort

         Configuring Snort (snort.conf)

         Snort Rules

         Set up Snort to Log to the Event Logs and to Run as a Service

         Using EventTriggers.exe for Eventlog Notifications


o    Steps to Perform after an IDS detects an attack

o    Evading IDS Systems

         Ways to Evade IDS

         Tools to Evade IDS

   IDS Evading Tool: ADMutate

   Packet Generators

  What is a Firewall?

o    What Does a Firewall Do

o    Packet Filtering

o    What can’t a firewall do

o    How does a Firewall work

o    Firewall Operations

o    Hardware Firewall

o    Software Firewall

o    Types of Firewall

         Packet Filtering Firewall

         IP Packet Filtering Firewall

         Circuit-Level Gateway

         TCP Packet Filtering Firewall

         Application Level Firewall

         Application Packet Filtering Firewall

         Stateful Multilayer Inspection Firewall

o    Packet Filtering Firewall

o    Firewall Identification

o    Firewalking

o    Banner Grabbing

o    Breaching Firewalls

o    Bypassing a Firewall using HTTPTunnel

o    Placing Backdoors through Firewalls

o    Hiding Behind a Covert Channel: LOKI

o    Tool: NCovert

o    ACK Tunneling

o    Tools to breach firewalls

  Common Tool for Testing Firewall and IDS

o    IDS testing tool: IDS Informer

o    IDS Testing Tool: Evasion Gateway

o    IDS Tool: Event Monitoring Enabling Responses to Anomalous Live Disturbances (Emerald)

o    IDS Tool: BlackICE

o    IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)

o    IDS Tool: SecureHost

o    IDS Tool: Snare

o    IDS Testing Tool: Traffic IQ Professional

o    IDS Testing Tool: TCPOpera

o    IDS testing tool: Firewall Informer

o    Atelier Web Firewall Tester

  What is Honeypot?

o    The Honeynet Project

o    Types of Honeypots

  Low-interaction honeypot

  Medium-interaction honeypot

  High-interaction honeypot

o    Advantages  and Disadvantages of a Honeypot                  

o    Where to place Honeypots

o    Honeypots


         Honeypot - honeyd

         Honeypot – KFSensor


o    Physical and Virtual Honeypots

  Tools to Detect Honeypots

  What to do when hacked

Module 24: Buffer Overflows

  • Why are Programs/Applications Vulnerable
  • Buffer Overflows
  • Reasons for Buffer Overflow Attacks
  • Knowledge Required to Program Buffer Overflow Exploits
  • Understanding Stacks
  • Understanding Heaps
  • Types of Buffer Overflows: Stack-based Buffer Overflow

o    A Simple Uncontrolled Overflow of the Stack

o    Stack Based Buffer Overflows

  • Types of Buffer Overflows: Heap-based Buffer Overflow

o    Heap Memory Buffer Overflow Bug

o    Heap-based Buffer Overflow

  • Understanding Assembly Language

o    Shellcode  

  • How to Detect Buffer Overflows in a Program

o    Attacking a Real Program


  How to Mutate a Buffer Overflow Exploit

  Once the Stack is Smashed

  • Defense Against Buffer Overflows

o    Tool to Defend Buffer Overflow: Return Address Defender (RAD)

o    Tool to Defend Buffer Overflow: StackGuard

o    Tool to Defend Buffer Overflow: Immunix System

o    Vulnerability Search: NIST

o    Valgrind

o    Insure++

  • Buffer Overflow Protection Solution: Libsafe

o    Comparing Functions of libc and Libsafe

  • Simple Buffer Overflow in C

o    Code Analysis

Module 25: Cryptography

  Introduction to Cryptography

  Classical Cryptographic Techniques

o    Encryption

o    Decryption

  Cryptographic Algorithms

  RSA (Rivest Shamir Adleman)

o    Example of RSA Algorithm

o    RSA Attacks

o    RSA Challenge

  Data Encryption Standard (DES)

o    DES Overview

  RC4, RC5, RC6, Blowfish

o    RC5

  Message Digest Functions

o    One-way Hash Functions

o    MD5

  SHA (Secure Hash Algorithm)

  SSL (Secure Sockets Layer)

  What is SSH?

o    SSH (Secure Shell)

  Algorithms and Security

  Disk Encryption

  Government Access to Keys (GAK)

  Digital Signature

o    Components of a Digital Signature

o    Method of Digital Signature Technology

o    Digital Signature Applications

o    Digital Signature Standard

o    Digital Signature Algorithm: Signature Generation/Verification

o    Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme

o    Challenges and Opportunities

  Digital Certificates

o    Cleversafe Grid Builder

  PGP (Pretty Good Privacy)


  Command Line Scriptor


  Hacking Tool: PGP Crack

  Magic Lantern

  Advanced File Encryptor

  • Encryption Engine
  • Encrypt Files
  • Encrypt PDF
  • Encrypt Easy
  • Encrypt my Folder
  • Advanced HTML Encrypt and Password Protect
  • Encrypt HTML source
  • Alive File Encryption
  • Omziff
  • EncryptOnClick
  • CryptoForge
  • SafeCryptor
  • CrypTool
  • Microsoft Cryptography Tools
  • Polar Crypto Light
  • CryptoSafe
  • Crypt Edit
  • CrypSecure
  • Cryptlib
  • Crypto++ Library

  Code Breaking: Methodologies


  Cryptography Attacks

  Brute-Force Attack

  Cracking S/MIME Encryption Using Idle CPU Time

  Use Of Cryptography

Module 26: Penetration Testing

  Introduction to Penetration Testing (PT)

  Categories of security assessments

  Vulnerability Assessment

  Limitations of Vulnerability Assessment

  Penetration Testing

  Types of Penetration Testing

  Risk Management

  Do-It-Yourself Testing  

  Outsourcing Penetration Testing Services

  Terms of Engagement

  Project Scope

  Pentest Service Level Agreements

  Testing points

  Testing Locations

  Automated Testing

  Manual Testing

  Using DNS Domain Name and IP Address Information

  Enumerating Information about Hosts on Publicly Available Networks

  Testing Network-filtering Devices

  Enumerating Devices

  Denial-of-Service Emulation

  Pentest using Appscan


  Pen-Test Using Cerberus Internet Scanner

  Pen-Test Using Cybercop Scanner

  Pen-Test Using FoundScan Hardware Appliances

  Pen-Test Using Nessus

  Pen-Test Using NetRecon

  Pen-Test Using SAINT

  Pen-Test Using SecureNet Pro

  Pen-Test Using SecureScan

  Pen-Test Using SATAN, SARA and Security Analyzer

  Pen-Test Using STAT Analyzer

  Pentest Using VigilENT

  Pentest Using WebInspect

  Pentest Using CredDigger

  Pentest Using Nsauditor

  Evaluating Different Types of Pen-Test Tools

  Asset Audit

  Fault Tree and Attack Trees

  GAP Analysis


  Business Impact of Threat

  Internal Metrics Threat

  External Metrics Threat

  Calculating Relative Criticality

  Test Dependencies

  Defect Tracking Tools: Bug Tracker Server

  Disk Replication Tools

  DNS Zone Transfer Testing Tools

  Network Auditing Tools

  Trace Route Tools and Services

  Network Sniffing Tools

  Denial of Service Emulation Tools

  Traditional Load Testing Tools

  System Software Assessment Tools

  Operating System Protection Tools

  Fingerprinting Tools

  Port Scanning Tools

  Directory and File Access Control Tools

  File Share Scanning Tools

  Password Directories

  Password Guessing Tools

  Link Checking Tools

  Web-Testing Based Scripting tools

  Buffer Overflow protection Tools

  File Encryption Tools

  Database Assessment Tools

  Keyboard Logging and Screen Reordering Tools

  System Event Logging and Reviewing Tools

  Tripwire and Checksum Tools

  Mobile-code Scanning Tools

  Centralized Security Monitoring Tools

  Web Log Analysis Tools

  Forensic Data and Collection Tools

  Security Assessment Tools

  Multiple OS Management Tools

  Phases of Penetration Testing

  Pre-attack Phase

  Best Practices

  Results that can be Expected

  Passive Reconnaissance

  Active Reconnaissance

  Attack Phase

o    Activity: Perimeter Testing

o    Activity: Web Application Testing

o    Activity: Wireless Testing

o    Activity: Acquiring Target

o    Activity: Escalating Privileges

o    Activity: Execute, Implant and Retract

  Post Attack Phase and Activities

  Penetration Testing Deliverables Templates

Module 27: Covert Hacking

  Insider Attacks

  What is Covert Channel?

  Security Breach

  Why Do You Want to Use Covert Channel?

  Motivation of a Firewall Bypass

  Covert Channels Scope

  Covert Channel: Attack Techniques

  Simple Covert Attacks

  Advanced Covert Attacks

  Standard Direct Connection

  Reverse Shell (Reverse Telnet)

  Direct Attack Example

  Indirect Attack Example

  Reverse Connecting Agents

  Covert Channel Attack Tools

o    Netcat

o    DNS Tunneling

o    Covert Channel Using DNS Tunneling

o    DNS Tunnel Client

o    DNS Tunneling Countermeasures

o    Covert Channel Using SSH

o    Covert Channel using SSH (Advanced)

o    HTTP/S Tunneling Attack

  Covert Channel Hacking Tool: Active Port Forwarder

  Covert Channel Hacking Tool: CCTT

  Covert Channel Hacking Tool: Firepass

  Covert Channel Hacking Tool: MsnShell

  Covert Channel Hacking Tool: Web Shell

  Covert Channel Hacking Tool: NCovert

o    Ncovert - How it works

  Covert Channel Hacking via Spam E-mail Messages


Module 28: Writing Virus Codes

  Introduction of Virus

  Types of Viruses

  Symptoms of a Virus Attack

  Prerequisites for Writing Viruses

  Required Tools and Utilities

  Virus Infection Flow Chart

o    Virus Infection: Step I

         Directory Traversal Method

         Example Directory Traversal Function

         “dot dot” Method

         Example Code for a “dot dot” Method

o    Virus Infection: Step II

o    Virus Infection: Step III

         Marking a File for Infection

o    Virus Infection: Step IV

o    Virus Infection: Step V

  Components of Viruses

o    Functioning of Replicator part

o    Writing Replicator

o    Writing Concealer

o    Dispatcher

o    Writing Bomb/Payload

         Trigger Mechanism


         Brute Force Logic Bombs

  Testing Virus Codes

  Tips for Better Virus Writing

Module 29: Assembly Language Tutorial

  • Base 10 System
  • Base 2 System
  • Decimal 0 to 15 in Binary
  • Binary Addition (C stands for Carry)
  • Hexadecimal Number
  • Hex Example
  • Hex Conversion
  • nibble
  • Computer memory
  • Characters Coding
  • CPU
  • Machine Language
  • Compilers
  • Clock Cycle
  • Original Registers
  • Instruction Pointer
  • Pentium Processor
  • Interrupts
  • Interrupt handler
  • External interrupts and Internal interrupts
  • Handlers
  • Machine Language
  • Assembly Language
  • Assembler
  • Assembly Language Vs High-level Language
  • Assembly Language Compilers
  • Instruction operands
  • MOV instruction
  • ADD instruction
  • SUB instruction
  • INC and DEC instructions
  • Directive
  • preprocessor
  • equ directive
  • %define directive
  • Data directives
  • Labels
  • Input and output
  • C Interface
  • Call
  • Creating a Program
  • Why should anyone learn assembly at all?

o    First.asm

  • Assembling the code
  • Compiling the C code
  • Linking the object files
  • Understanding an assembly listing file
  • Big and Little Endian Representation
  • Skeleton File
  • Working with Integers
  • Signed integers
  • Signed Magnitude
  • Two’s Complement
  • If statements
  • Do while loops
  • Indirect addressing
  • Subprogram
  • The Stack
  • The SS segment
  • ESP
  • The Stack Usage
  • The CALL and RET Instructions
  • General subprogram form
  • Local variables on the stack
  • General subprogram form with local variables
  • Multi-module program
  • Saving registers
  • Labels of functions
  • Calculating addresses of local variables

Module 30: Exploit Writing

  • Exploits Overview
  • Prerequisites for Writing Exploits and Shellcodes
  • Purpose of Exploit Writing
  • Types of Exploits
  • Stack Overflow
  • Heap Corruption

o    Format String

o    Integer Bug Exploits

o    Race Condition

o    TCP/IP Attack

  • The Proof-of-Concept and Commercial Grade Exploit
  • Converting a Proof of Concept Exploit to Commercial Grade Exploit
  • Attack Methodologies
  • Socket Binding Exploits
  • Tools for Exploit Writing

o    LibExploit

o    Metasploit


  • Steps for Writing an Exploit
  • Differences Between Windows and Linux Exploits
  • Shellcodes
  • NULL Byte
  • Types of Shellcodes
  • Tools Used for Shellcode Development

o    NASM

o    GDB

o    objdump

o    ktrace

o    strace

o    readelf

  • Steps for Writing a Shellcode
  • Issues Involved With Shellcode Writing

o    Addressing problem

o    Null byte problem

o    System call implementation

Module 31: Smashing the Stack for Fun and Profit

  • What is a Buffer?
  • Static Vs Dynamic Variables
  • Stack Buffers
  • Data Region
  • Memory Process Regions
  • What Is A Stack?
  • Why Do We Use A Stack?
  • The Stack Region
  • Stack frame
  • Stack pointer
  • Procedure Call (Procedure Prolog)
  • Compiling the code to assembly
  • Call Statement
  • Return Address (RET)
  • Word Size
  • Stack
  • Buffer Overflows
  • Error
  • Why do we get a segmentation violation?
  • Segmentation Error
  • Instruction Jump
  • Guess Key Parameters
  • Calculation
  • Shell Code

o    The code to spawn a shell in C

  • Let's try to understand what is going on here. We'll start by studying main:
  • execve()

o    execve() system call

  • exit.c

o    List of steps with exit call

  • The code in Assembly
  • JMP
  • Code using indexed addressing
  • Offset calculation
  • shellcodeasm.c
  • testsc.c
  • Compile the code
  • NULL byte
  • shellcodeasm2.c
  • testsc2.c
  • Writing an Exploit
  • overflow1.c
  • Compiling the code
  • sp.c
  • vulnerable.c
  • NOPs

o    Using NOPs

o    Estimating the Location


Module 32: Windows Based Buffer Overflow Exploit Writing

  • Buffer Overflow
  • Stack overflow
  • Writing Windows Based Exploits
  • Exploiting stack based buffer overflow
  • OpenDataSource Buffer Overflow Vulnerability Details
  • Simple Proof of Concept
  • Windbg.exe
  • Analysis
  • EIP Register

o    Location of EIP

o    EIP

  • Execution Flow
  • But where can we jump to?
  • Offset Address
  • The Query
  • Finding jmp esp
  • Debug.exe
  • listdlls.exe
  • Msvcrt.dll
  • Out.sql
  • The payload
  • ESP
  • Limited Space
  • Getting Windows API/function absolute address
  • Memory Address
  • Other Addresses
  • Compile the program
  • Final Code

Module 33: Reverse Engineering

  Positive Applications of Reverse Engineering

  Ethical Reverse Engineering

  World War Case Study

  DMCA Act

  What is Disassembler?

  Why do you need to decompile?

  Professional Disassembler Tools

  Tool: IDA Pro

  Convert Machine Code to Assembly Code


  Program Obfuscation

  Convert Assembly Code to C++ code

  Machine Decompilers

  Tool: dcc

  Machine Code of compute.exe Program

  Assembly Code of compute.exe Program

  Code Produced by the dcc Decompiler in C

  Tool: Boomerang

  What Boomerang Can Do?

  Andromeda Decompiler

  Tool: REC Decompiler

  Tool: EXE To C Decompiler

  Delphi Decompilers

  Tools for Decompiling .NET Applications

  Salamander .NET Decompiler

  Tool: LSW DotNet-Reflection-Browser

  Tool: Reflector

  Tool: Spices NET.Decompiler

  Tool: Decompilers.NET

  .NET Obfuscator and .NET Obfuscation

  Java Bytecode Decompilers

  Tool: JODE Java Decompiler


  Tool: SourceAgain

  Tool: ClassCracker

  Python Decompilers

  Reverse Engineering Tutorial

  OllyDbg Debugger

  How Does OllyDbg Work?

  Debugging a Simple Console Application

Module 34: MAC OS X Hacking

  • Introduction to MAC OS
  • Vulnerabilities in MAC

o    Crafted URL Vulnerability

o    CoreText Uninitialized Pointer Vulnerability

o    ImageIO Integer overflow Vulnerability

o    DirectoryService Vulnerability

o    iChat UPnP buffer overflow Vulnerability

o    ImageIO Memory Corruption Vulnerability

o    Code Execution Vulnerability

o    UFS filesystem integer overflow Vulnerability

o    Kernel "fpathconf()" System call Vulnerability

o    UserNotificationCenter Privilege Escalation Vulnerability

o    Other Vulnerabilities in MAC

  • How a Malformed Installer Package Can Crack Mac OS X
  • Worm and Viruses in MAC

o    OSX/Leap-A

o    Inqtana.A

o    Macro Viruses

  • Anti-Viruses in MAC

o    VirusBarrier

o    McAfee Virex for Macintosh

o    Endpoint Security and Control

o    Norton Internet Security

  • Mac Security Tools

o    MacScan

o    ClamXav

o    IPNetsentryx

o    FileGuard

  • Countermeasures

Module 35: Hacking Routers, Cable Modems and Firewalls

  • Network Devices
  • Identifying a Router
    • SING: Tool for Identifying the Router
  • HTTP Configuration Arbitrary Administrative Access Vulnerability
  • ADMsnmp
  • Solarwinds MIB Browser
  • Brute-Forcing Login Services
  • Hydra
  • Analyzing the Router Config
  • Cracking the Enable Password
  • Tool: Cain and Abel
  • Implications of a Router Attack
  • Types of Router Attacks
  • Router Attack Topology
  • Denial of Service (DoS) Attacks
  • Packet “Mistreating” Attacks
  • Routing Table Poisoning
  • Hit-and-run Attacks vs. Persistent Attacks
  • Cisco Router

o    Finding a Cisco Router

o    How to Get into Cisco Router

o    Breaking the Password

o    Is Anyone Here

o    Covering Tracks

o    Looking Around

  • Eigrp-tool
  • Tool: Zebra
  • Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
  • Tool: Cisco Torch
  • Monitoring SMTP (port 25) Using SLcheck
  • Monitoring HTTP (port 80)
  • Cable Modem Hacking

o    OneStep: ZUP

  • Waldo Beta 0.7 (b)





Module 36: Hacking Mobile Phones, PDA and Handheld Devices

  • Different OS in Mobile Phone
  • Different OS Structure in Mobile Phone
  • Evolution of Mobile Threat
  • Threats
  • What Can A Hacker Do
  • Vulnerabilities in Different Mobile Phones
  • Malware
  • Spyware

o    Spyware: SymbOS/Htool-SMSSender.A.intd

o    Spyware: SymbOS/MultiDropper.CG

o    Best Practices against Malware

  • Blackberry

o    Blackberry Attacks

o    Blackberry Attacks: Blackjacking

o    BlackBerry Wireless Security

o    BlackBerry Signing Authority Tool

o    Countermeasures

  • PDA

o    PDA Security Issues

o    ActiveSync attacks

o    HotSync Attack

o    PDA Virus: Brador

o    PDA Security Tools: TigerSuite PDA

o    Security Policies for PDAs

  • iPod

o    Misuse of iPod

o    Jailbreaking

o    Tools for jailbreaking: iFuntastic 

o    Prerequisite for iPhone Hacking

o    Step by Step iPhone Hacking using iFuntastic

o    Step by step iPhone Hacking

o    AppSnapp

         Steps for AppSnapp

o    Tool to Unlock iPhone: iPhoneSimFree

o    Tool to Unlock iPhone: anySIM

o    Steps for Unlocking your iPhone using AnySIM

o    Activate the Voicemail Button on your Unlocked iPhone

o    Podloso Virus

o    Security tool: Icon Lock-iT XP

  • Mobile: Is It a Breach to Enterprise Security?

o    Threats to Organizations Due to Mobile Devices

o    Security Actions by Organizations

  • Viruses

o    Skulls

o    Duts

o    Doomboot.A: Trojan

  • Antivirus

o    Kaspersky Antivirus Mobile

o    Airscanner

o    BitDefender Mobile Security

o    SMobile VirusGuard

o    Symantec AntiVirus

o    F-Secure Antivirus for Palm OS

o    BullGuard Mobile Antivirus

  • Security Tools

o    Sprite Terminator

o    Mobile Security Tools: Virus Scan Mobile

  • Defending Cell Phones and PDAs Against Attack
  • Mobile Phone Security Tips

Module 37: Bluetooth Hacking

  • Bluetooth Introduction
  • Security Issues in Bluetooth
  • Security Attacks in Bluetooth Devices

o    Bluejacking

o    Tools for Bluejacking

o    BlueSpam

o    Bluesnarfing

o    BlueBug Attack

o    Short Pairing Code Attacks

o    Man-In-Middle Attacks

o    OnLine PIN Cracking Attack

o    BTKeylogging attack

o    BTVoiceBugging attack

o    Blueprinting

o    Bluesmacking - The Ping of Death

o    Denial-of-Service Attack

o    BlueDump Attack

  • Bluetooth hacking tools

o    BTScanner

o    Bluesnarfer

o    Bluediving

o    Transient Bluetooth Environment Auditor

o    BTcrack

o    Blooover

o    Hidattack

  • Bluetooth Viruses and Worms

o    Cabir

o    Mabir

o    Lasco

  • Bluetooth Security tools

o    BlueWatch

o    BlueSweep

o    Bluekey

o    BlueFire Mobile Security Enterprise Edition

o    BlueAuditor

o    Bluetooth Network Scanner

  • Countermeasures

Module 38: VoIP Hacking

  • What is VoIP
  • VoIP Hacking Steps
  • Footprinting

o    Information Sources

o    Unearthing Information

o    Organizational Structure and Corporate Locations

o    Help Desk

o    Job Listings

o    Phone Numbers and Extensions

o    VoIP Vendors

o    Resumes

o    WHOIS and DNS Analysis

o    Steps to Perform Footprinting

  • Scanning

o    Host/Device Discovery

o    ICMP Ping Sweeps

o    ARP Pings

o    TCP Ping Scans

o    SNMP Sweeps

o    Port Scanning and Service Discovery

o    TCP SYN Scan

o    UDP Scan

o    Host/Device Identification

  • Enumeration

o    Steps to Perform Enumeration

o    Banner Grabbing with Netcat

o    SIP User/Extension Enumeration

      • REGISTER Username Enumeration
      • INVITE Username Enumeration
      • OPTIONS Username Enumeration
      • Automated OPTIONS Scanning with sipsak
      • Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP server
      • Automated OPTIONS Scanning Using SIPSCAN against SIP Phones

o    Enumerating TFTP Servers

o    SNMP Enumeration

o    Enumerating VxWorks VoIP Devices

  • Steps to Exploit the Network

o    Denial-of-Service (DoS)

o    Distributed Denial-of-Service (DDoS) Attack

o    Internal Denial-of-Service Attack

o    DoS Attack Scenarios

o    Eavesdropping

o    Packet Spoofing and Masquerading

o    Replay Attack

o    Call Redirection and Hijacking

o    ARP Spoofing

o    ARP Spoofing Attack

o    Service Interception

o    H.323-Specific Attacks

o    SIP Security Vulnerabilities

o    SIP Attacks

o    Flooding Attacks

o    DNS Cache Poisoning

o    Sniffing TFTP Configuration File Transfers

o    Performing Number Harvesting and Call Pattern Tracking

o    Call Eavesdropping

o    Interception through VoIP Signaling Manipulation

o    Man-In-The-Middle (MITM) Attack

o    Application-Level Interception Techniques

      • How to Insert Rogue Application
      • SIP Rogue Application
      • Listening to/Recording Calls
      • Replacing/Mixing Audio
      • Dropping Calls with a Rogue SIP Proxy
      • Randomly Redirect Calls with a Rogue SIP Proxy
      • Additional Attacks with a Rogue SIP Proxy

o    What is Fuzzing

      • Why Fuzzing
      • Commercial VoIP Fuzzing tools

o    Signaling and Media Manipulation

      • Registration Removal with erase_registrations Tool
      • Registration Addition with add_registrations Tool

o    VoIP Phishing

  • Covering Tracks

Module 39: RFID Hacking

  RFID - Definition

  Components of RFID Systems

  RFID Collisions

  • RFID Risks

o    Business Process Risk

o    Business Intelligence Risk

o    Privacy Risk

o    Externality Risk

      • Hazards of Electromagnetic Radiation
      • Computer Network Attacks

  RFID and Privacy Issues


  RFID Security and Privacy Threats

o    Sniffing

o    Tracking

o    Spoofing

o    Replay attacks

o    Denial-of-service

  Protection Against RFID Attacks

  RFID Guardian

  RFID Malware

o    How to Write an RFID Virus

o    How to Write an RFID Worm

o    Defending Against RFID Malware

  RFID Exploits

  Vulnerabilities in RFID-enabled Credit Cards

o    Skimming Attack

o    Replay Attack

o    Eavesdropping Attack

  RFID Hacking Tool: RFDump

  RFID Security Controls

o    Management Controls

o    Operational Controls

o    Technical Controls

  RFID Security

Module 40: Spamming

  • Introduction
  • Techniques used by Spammers
  • How Spamming is performed
  • Spammer: Statistics
  • Worsen ISP: Statistics
  • Top Spam Affected Countries: Statistics
  • Types of Spam Attacks
  • Spamming Tools

o    Farelogic Worldcast

o    123 Hidden Sender

o    YL Mail Man

o    Sendblaster

o    Direct Sender

o    Hotmailer

o    PackPal Bulk Email Server

o    IEmailer

  • Anti-Spam Techniques
  • Anti-Spamming Tools

o    AEVITA Stop SPAM Email

o    SpamExperts Desktop

o    SpamEater Pro

o    SpamWeasel

o    Spytech SpamAgent

o    AntispamSniper

o    Spam Reader

o    Spam Assassin Proxy (SA) Proxy

o    MailWasher Free

o    Spam Bully

  • Countermeasures

Module 41: Hacking USB Devices

  Introduction to USB Devices

  Electrical Attack

  Software Attack

  USB Attack on Windows

  Viruses and Worms

o    W32/Madang-Fam

o    W32/Hasnot-A

o    W32/Fujacks-AK

o    W32/Fujacks-E

o    W32/Dzan-C

o    W32/SillyFD-AA

o    W32/SillyFDC-BK

o    W32/LiarVB-A

o    W32/Hairy-A

o    W32/QQRob-ADN

o    W32/VBAut-B

o    HTTP W32.Drom

  Hacking Tools

o    USB Dumper

o    USB Switchblade

o    USB Hacksaw

  USB Security Tools

o    MyUSBonly

o    USBDeview

o    USB-Blocker

o    USB CopyNotify

o    Remora USB File Guard

o    Advanced USB Pro Monitor

o    Folder Password Expert USB

o    USBlyzer

o    USB PC Lock Pro

o    Torpark

o    Virus Chaser USB


Module 42: Hacking Database Servers

  • Hacking Database server: Introduction
  • Hacking Oracle Database Server

o    Attacking Oracle

o    Security Issues in Oracle

o    Types of Database Attacks

o    How to Break into an Oracle Database and Gain DBA Privileges

o    Oracle Worm: Voyager Beta

o    Ten Hacker Tricks to Exploit SQL Server Systems

  • Hacking SQL Server

o    How SQL Server is Hacked

o    Query Analyzer

o    odbcping Utility

o    Tool: ASPRunner Professional

o    Tool: FlexTracer 

  • Security Tools
  • SQL Server Security Best Practices: Administrator Checklist

  • SQL Server Security Best Practices: Developer Checklist

Module 43: Cyber Warfare - Hacking, Al-Qaida and Terrorism

  Cyber Terrorism Over Internet

  Cyber-Warfare Attacks

  45 Muslim Doctors Planned US Terror Raids

  Net Attack


  Why Terrorists Use Cyber Techniques

  Cyber Support to Terrorist Operations





  Propaganda: Hizballah Website

  Cyber Threat to the Military

  Russia ‘hired botnets’ for Estonia Cyber-War

  NATO Threatens War with Russia

  Bush on Cyber War: ‘a subject I can learn a lot about’

  E.U. Urged to Launch Coordinated Effort Against Cybercrime

  Budget: Eye on Cyber-Terrorism Attacks

  Cyber Terror Threat is Growing, Says Reid

  Terror Web 2.0

  Table 1: How Websites Support Objectives of Terrorist/Extremist Groups

  Electronic Jihad

  'Electronic Jihad' App Offers Cyber Terrorism for the Masses

  Cyber Jihad – Cyber Firesale

Module 44: Internet Content Filtering Techniques

  • Introduction to Internet Filter
    • Key Features of Internet Filters
    • Pros and Cons of Internet Filters
  • Internet Content Filtering Tools
    • iProtectYou
    • Tool: Block Porn
    • Tool: FilterGate
    • Tool: Adblock
    • Tool: AdSubtract
    • Tool: GalaxySpy
    • Tool: AdsGone Pop Up Killer
    • Tool: AntiPopUp
    • Tool: Pop Up Police
    • Tool: Super Ad Blocker
    • Tool: Anti-AD Guard
    • Net Nanny
    • CyberSieve
    • BSafe Internet Filter
    • Tool: Stop-the-Pop-Up Lite
    • Tool: WebCleaner
    • Tool: AdCleaner
    • Tool: Adult Photo Blanker
    • Tool: LiveMark Family
    • Tool: KDT Site Blocker
    • Internet Safety Guidelines for Children

Module 45: Privacy on the Internet

  • Internet privacy
  • Proxy privacy
  • Spyware privacy
  • Email privacy
  • Cookies
  • Examining Information in Cookies
  • How Internet Cookies Work
  • How Google Stores Personal Information
  • Google Privacy Policy
  • Web Browsers
  • Web Bugs
  • Downloading Freeware
  • Internet Relay Chat
  • Pros and Cons of Internet Relay Chat
  • Electronic Commerce
  • Internet Privacy Tools: Anonymizers
    • Anonymizer Anonymous Surfing
    • Anonymizer Total Net Shield
    • Anonymizer Nyms
    • Anonymizer Anti-Spyware
    • Anonymizer Digital Shredder Lite
    • Steganos Internet Anonym
    • Invisible IP Map
    • NetConceal Anonymity Shield
    • Anonymous Guest
    • ViewShield
    • IP Hider
    • Mask Surf Standard
    • VIP Anonymity
    • SmartHide
    • Anonymity Gateway
    • Hide My IP
    • Claros Anonymity
    • Max Internet Optimizer
    • Hotspot Shield
    • Anonymous Browsing Toolbar
    • Invisible Browsing
    • Real Time Cleaner
    • Anonymous Web Surfing
    • Anonymous Friend
    • Easy Hide IP

  • Internet Privacy Tools: Firewall Tools

    • Agnitum firewall
    • Firestarter
    • Sunbelt Personal Firewall
    • Netdefender

  • Internet Privacy Tools: Others

    • Privacy Eraser
    • CookieCop
    • Cookiepal
    • Historykill
    • Tracks eraser
  • Best Practices
    • Protecting Search Privacy
    • Tips for Internet Privacy
  • Countermeasures

Module 46: Securing Laptop Computers

  • Statistics for Stolen and Recovered Laptops
  • Statistics on Security
  • Percentage of Organizations Following the Security Measures
  • Laptop threats
  • Laptop Theft
  • Fingerprint Reader
  • Protecting Laptops Through Face Recognition
  • Bluetooth in Laptops
  • Tools

o    Laptop Security

o    Laptop Security Tools

o    Laptop Alarm

o    Flexysafe

o    Master Lock

o    eToken

o    STOP-Lock

o    TrueCrypt

o    PAL PC Tracker

o    Cryptex

o    Dekart Private Disk Multifactor

o    Laptop Anti-Theft

o    Inspice Trace


o    SecureTrieve Pro

o    XTool Laptop Tracker

o    XTool Encrypted Disk

o    XTool Asset Auditor

o    XTool Remote Delete

  Securing from Physical Laptop Thefts

  Hardware Security for Laptops

  Protecting the Sensitive Data

  Preventing Laptop Communications from Wireless Threats

  Protecting the Stolen Laptops from Being Used

  Security Tips

Module 47: Spying Technologies


  Motives of Spying

  Spying Devices

o    Spying Using Cams

o    Video Spy

o    Video Spy Devices

o    Tiny Spy Video Cams

o    Underwater Video Camera

o    Camera Spy Devices

o    Goggle Spy

o    Watch Spy

o    Pen Spy

o    Binoculars Spy

o    Toy Spy

o    Spy Helicopter

o    Wireless Spy Camera

o    Spy Kit

o    Spy Scope: Spy Telescope and Microscope

o    Spy Eye Side Telescope

o    Audio Spy Devices

o    Eavesdropper Listening Device

o    GPS Devices

o    Spy Detectors

o    Spy Detector Devices

  Vendors Hosting Spy Devices

o    Spy Gadgets

o    Spy Tools Directory


o    Spy Associates

o    Paramountzone

o    Surveillance Protection

  Spying Tools

o    Net Spy Pro-Computer Network Monitoring and Protection

o    SpyBoss Pro

o    CyberSpy

o    Spytech SpyAgent

o    ID Computer Spy

o    e-Surveiller

o    KGB Spy Software

o    O&K Work Spy

o    WebCam Spy

o    Golden Eye

  Anti-Spying Tools

o    Internet Spy Filter

o    Spybot - S&D

o    SpyCop

o    Spyware Terminator

o    XoftSpySE



Module 48: Corporate Espionage - Hacking Using Insiders

  • Introduction To Corporate Espionage
  • Information Corporate Spies Seek
  • Insider Threat
  • Different Categories of Insider Threat
  • Privileged Access
  • Driving Force behind Insider Attack
  • Common Attacks carried out by Insiders
  • Techniques Used for Corporate Espionage
  • Process of Hacking
  • Former Forbes Employee Pleads Guilty
  • Former Employees Abet Stealing Trade Secrets
  • California Man Sentenced For Hacking
  • Federal Employee Sentenced for Hacking
  • Facts
  • Key Findings from U.S. Secret Service and CERT Coordination Center/SEI Study on Insider Threat
  • Tools

o    NetVizor

o    Privatefirewall w/Pest Patrol


o    Best Practices against Insider Threat

o    Countermeasures

Module 49: Creating Security Policies

  • Security policies
  • Key Elements of Security Policy
  • Defining the Purpose and Goals of Security Policy
  • Role of Security Policy
  • Classification of Security Policy
  • Design of Security Policy
  • Contents of Security Policy
  • Configurations of Security Policy
  • Implementing Security Policies
  • Types of Security Policies
    • Promiscuous Policy
    • Permissive Policy
    • Prudent Policy
    • Paranoid Policy
    • Acceptable-Use Policy
    • User-Account Policy
    • Remote-Access Policy
    • Information-Protection Policy
    • Firewall-Management Policy
    • Special-Access Policy
    • Network-Connection Policy
    • Business-Partner Policy
    • Other Important Policies
  • Policy Statements
  • Basic Document Set of Information Security Policies
  • E-mail Security Policy
    • Best Practices for Creating E-mail Security Policies
    • User Identification and Passwords Policy
  • Software Security Policy
  • Software License Policy
  • Points to Remember While Writing a Security Policy
  • Sample Policies
    • Remote Access Policy
    • Wireless Security Policy
    • E-mail Security Policy
    • E-mail and Internet Usage Policies
    • Personal Computer Acceptable Use Policy
    • Firewall Management policy
    • Internet Acceptable Use Policy
    • User Identification and Password Policy
    • Software License Policy

Module 50: Software Piracy and Warez

  • Software Activation: Introduction
    • Process of Software Activation
  • Piracy
    • Piracy Over Internet
    • Abusive Copies
    • Pirated Copies
    • Cracked Copies
    • Impacts of piracy
    • Software Piracy Rate in 2006
    • Piracy Blocking
  • Software Copy Protection Backgrounders
    • CD Key Numbers
    • Dongles
    • Media Limited Installations
    • Protected Media
    • Hidden Serial Numbers
    • Digital Rights Management (DRM)
    • Copy protection for DVD
  • Warez
    • Warez
    • Types of Warez
    • Warez Distribution
    • Distribution Methods
  • Tool: Crypkey
  • Tool: EnTrial
  • EnTrial Tool: Distribution File
  • EnTrial Tool: Product & Package Initialization Dialog
  • EnTrial Tool: Add Package GUI
  • Tool: DF_ProtectionKit
  • Tool: Crack Killer
  • Tool: Logic Protect
  • Tool: Software License Manager
  • Tool: Quick License Manager
  • Tool: WTM CD Protect

Module 51: Hacking and Cheating Online Games

  • Online Games: Introduction
  • Basics of Game Hacking
  • Threats in Online Gaming
  • Cheating in Online Computer Games
  • Types of Exploits
  • Example of popular game exploits
  • Stealing Online Game Passwords
    • Stealing Online Game Passwords: Social Engineering and Phishing
  • Online Gaming Malware from 1997-2007
  • Best Practices for Secure Online Gaming
  • Tips for Secure Online Gaming

Module 52: Hacking RSS and Atom