1

Information Technology -Ethical Hacking and Countermeasures- Version 9 This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Course Outline I. Introduction to Ethical Hacking A. Internet Crime Current Report: IC3 B. Data Breach Investigations Report C. Types of Data Stolen From the Organizations D. Essential Terminologies E. Elements of Information Security F. Authenticity and Non-Repudiation G. The Security, Functionality, and Usability Triangle H. Security Challenges I. Effects of Hacking 1. Effects of Hacking on Business J. Who is a Hacker? K. Hacker Classes L. Hacktivism M. What Does a Hacker Do? N. Phase 1 – Reconnaissance 1. Reconnaissance Types O. Phase 2 – Scanning P. Phase 3 – Gaining Access Q. Phase 4 – Maintaining Access R. Phase 5 – Covering Tracks S. Types of Attacks on a System 1. Operating System Attacks 2. Application-Level Attacks 3. Shrink Wrap Code Attacks 4. Misconfiguration Attacks T. Why Ethical Hacking is Necessary? U. Defense in Depth V. Scope and Limitations of Ethical Hacking W. What Do Ethical Hackers Do? X. Skills of an Ethical Hacker Y. Vulnerability Research

2

Z. Vulnerability Research Websites AA. What is Penetration Testing? BB. Why Penetration Testing? CC. Penetration Testing Methodology II. Footprinting and Reconnaissance A. Footprinting Terminologies B. What is Footprinting? C. Objectives of Footprinting D. Footprinting Threats E. Finding a Company’s URL F. Locate Internal URLs G. Public and Restricted Websites H. Search for Company’s Information 1. Tools to Extract Company’s Data I. Footprinting Through Search Engines J. Collect Location Information 1. Satellite Picture of a Residence K. People Search 1. People Search Using http://pipl.com 2. People Search Online Services 3. People Search on Social Networking Services L. Gather Information from Financial Services M. Footprinting Through Job Sites N. Monitoring Target Using Alerts O. Competitive Intelligence Gathering 1. Competitive Intelligence-When Did this Company Begin? How Did it Develop? 2. Competitive Intelligence-What are the Company's Plans? 3. Competitive Intelligence-What Expert Opinion Say About the Company? 4. Competitive Intelligence Tools 5. Competitive Intelligence Consulting Companies P. WHOIS Lookup 1. WHOIS Lookup Result Analysis 2. WHOIS Lookup Tools: SmartWhois 3. WHOIS Lookup Tools 4. WHOIS Lookup Online Tools Q. Extracting DNS Information 1. DNS Interrogation Tools 2. DNS Interrogation Online Tools R. Locate the Network Range S. Traceroute 1. Traceroute Analysis 2. Traceroute Tool: 3D Traceroute 3. Traceroute Tool: LoriotPro 4. Traceroute Tool: Path Analyzer Pro 5. Traceroute Tools T. Mirroring Entire Website 1. Website Mirroring Tools 2. Mirroring Entire Website Tools

3

U. Extract Website Information from http://www.archive.org V. Monitoring Web Updates Using Website Watcher W. Tracking Email Communications 1. Email Tracking Tools X. Footprint Using Google Hacking Techniques Y. What a Hacker Can Do With Google Hacking? Z. Google Advance Search Operators 1. Finding Resources using Google Advance Operator AA. Google Hacking Tool: Google Hacking Database (GHDB) BB. Google Hacking Tools CC. Additional Footprinting Tools DD. Footprinting Countermeasures EE. Footprinting Pen Testing III. Scanning Networks A. Network Scanning B. Types of Scanning C. Checking for Live Systems - ICMP Scanning D. Ping Sweep 1. Ping Sweep Tools E. Three-Way Handshake F. TCP Communication Flags 1. Create Custom Packet using TCP Flags G. Hping2 / Hping3 H. Hping Commands I. Scanning Techniques 1. TCP Connect / Full Open Scan 2. Stealth Scan (Half-open Scan) 3. Xmas Scan 4. FIN Scan 5. NULL Scan 6. IDLE Scan a. IDLE Scan: Step 1 b. IDLE Scan: Step 2.1 (Open Port) c. IDLE Scan: Step 2.2 (Closed Port) d. IDLE Scan: Step 3 7. ICMP Echo Scanning/List Scan 8. SYN/FIN Scanning Using IP Fragments 9. UDP Scanning 10. Inverse TCP Flag Scanning 11. ACK Flag Scanning J. Scanning: IDS Evasion Techniques K. IP Fragmentation Tools L. Scanning Tool: Nmap M. Scanning Tool: NetScan Tools Pro N. Scanning Tools O. Do Not Scan These IP Addresses (Unless you want to get into trouble) P. Scanning Countermeasures Q. War Dialing

4

R. Why War Dialing? S. War Dialing Tools T. War Dialing Countermeasures 1. War Dialing Countermeasures: SandTrap Tool U. OS Fingerprinting 1. Active Banner Grabbing Using Telnet V. Banner Grabbing Tool: ID Serve W. GET REQUESTS X. Banner Grabbing Tool: Netcraft Y. Banner Grabbing Tools Z. Banner Grabbing Countermeasures: Disabling or Changing Banner AA. Hiding File Extensions BB. Hiding File Extensions from Webpages CC. Vulnerability Scanning 1. Vulnerability Scanning Tool: Nessus 2. Vulnerability Scanning Tool: SAINT 3. Vulnerability Scanning Tool: GFI LANGuard DD. Network Vulnerability Scanners EE. LANsurveyor FF. Network Mappers GG. Proxy Servers HH. Why Attackers Use Proxy Servers? II. Use of Proxies for Attack JJ. How Does MultiProxy Work? KK. Free Proxy Servers LL. Proxy Workbench MM. Proxifier Tool: Create Chain of Proxy Servers NN. SocksChain OO. TOR (The Onion Routing) PP. TOR Proxy Chaining Software QQ. HTTP Tunneling Techniques RR. Why do I Need HTTP Tunneling? SS. Super Network Tunnel Tool TT. Httptunnel for Windows UU. Additional HTTP Tunneling Tools VV. SSH Tunneling WW. SSL Proxy Tool XX. How to Run SSL Proxy? YY. Proxy Tools ZZ. Anonymizers AAA. Types of Anonymizers BBB. Case: Bloggers Write Text Backwards to Bypass Web Filters in China CCC. Text Conversion to Avoid Filters DDD. Censorship Circumvention Tool: Psiphon EEE. How Psiphon Works? FFF. How to Check if Your Website is Blocked in China or Not? GGG. G-Zapper HHH. Anonymizer Tools

5

III. Spoofing IP Address JJJ. IP Spoofing Detection Techniques: Direct TTL Probes KKK. IP Spoofing Detection Techniques: IP Identification Number LLL. IP Spoofing Detection Techniques: TCP Flow Control Method MMM. IP Spoofing Countermeasures NNN. Scanning Pen Testing IV. Enumeration A. What is Enumeration? B. Techniques for Enumeration C. Netbios Enumeration 1. NetBIOS Enumeration Tool: SuperScan 2. NetBIOS Enumeration Tool: NetBIOS Enumerator D. Enumerating User Accounts E. Enumerate Systems Using Default Passwords F. SNMP (Simple Network Management Protocol) Enumeration 1. Management Information Base (MIB) 2. SNMP Enumeration Tool: OpUtils Network Monitoring Toolset 3. SNMP Enumeration Tool: SolarWinds 4. SNMP Enumeration Tools G. UNIX/Linux Enumeration 1. Linux Enumeration Tool: Enum4linux H. LDAP Enumeration 1. LDAP Enumeration Tool: JXplorer 2. LDAP Enumeration Tool I. NTP Enumeration 1. NTP Server Discovery Tool: NTP Server Scanner 2. NTP Server: PresenTense Time Server 3. NTP Enumeration Tools J. SMTP Enumeration 1. SMTP Enumeration Tool: NetScanTools Pro K. DNS Zone Transfer Enumeration Using nslookup 1. DNS Analyzing and Enumeration Tool: The Men & Mice Suite L. Enumeration Countermeasures 1. SMB Enumeration Countermeasures M. Enumeration Pen Testing V. System Hacking A. Information at Hand Before System Hacking Stage B. System Hacking: Goals C. CEH Hacking Methodology (CHM) D. Password Cracking 1. Password Complexity 2. Password Cracking Techniques 3. Types of Password Attacks a. Passive Online Attacks: Wire Sniffing b. Password Sniffing c. Passive Online Attack: Man-in-the-Middle and Replay Attack d. Active Online Attack: Password Guessing (1) Active Online Attack: Trojan/Spyware/Keylogger

6

(2) Active Online Attack: Hash Injection Attack e. Rainbow Attacks: Pre-Computed Hash f. Distributed Network Attack (1) Elcomsoft Distributed Password Recovery g. Non-Electronic Attacks (1) Default Passwords h. Manual Password Cracking (Guessing) i. Automatic Password Cracking Algorithm k. Stealing Passwords Using USB Drive E. Microsoft Authentication F. How Hash Passwords are Stored in Windows SAM? H. What is LAN Manager Hash? 1. LM “Hash” Generation 2. LM, NTLMv1, and NTLMv2 3. NTLM Authentication Process I. Kerberos Authentication J. Salting K. PWdump7 and Fgdump L. L0phtCrack M. Ophcrack N. Cain & Abel O. RainbowCrack P. Password Cracking Tools Q. LM Hash Backward Compatibility 1. How to Disable LM HASH? R. How to Defend against Password Cracking? 1. Implement and Enforce Strong Security Policy S. Privilege Escalation 1. Escalation of Privileges T. Active@ Password Changer U. Privilege Escalation Tools V. How to Defend against Privilege Escalation? W. Executing Applications X. Alchemy Remote Executor Y. RemoteExec Z. Execute This! AA. Keylogger BB. Types of Keystroke Loggers CC. Acoustic/CAM Keylogger 1. Keylogger: Advanced Keylogger 2. Keylogger: Spytech SpyAgent 3. Keylogger: Perfect Keylogger 4. Keylogger: Powered Keylogger 5. Keylogger for Mac: Aobo Mac OS X KeyLogger 6. Keylogger for Mac: Perfect Keylogger for Mac 7. Hardware Keylogger: KeyGhost DD. Keyloggers EE. Spyware

7

1. What Does the Spyware Do? 2. Types of Spywares a. Desktop Spyware (1) Desktop Spyware: Activity Monitor b. Email and Internet Spyware (1) Email and Internet Spyware: eBLASTER c. Internet and E-mail Spyware d. Child Monitoring Spyware (1) Child Monitoring Spyware: Advanced Parental Control e. Screen Capturing Spyware (1) Screen Capturing Spyware: Spector Pro f. USB Spyware (1) USB Spyware: USBDumper g. Audio Spyware (1) Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder h. Video Spyware (1) Video Spyware: Net Video Spy i. Print Spyware (1) Print Spyware: Printer Activity Monitor j. Telephone/Cellphone Spyware k. Cellphone Spyware: Mobile Spy l. GPS Spyware (1) GPS Spyware: GPS TrackMaker FF. How to Defend against Keyloggers? 1. Anti-Keylogger 2. Anti-Keylogger: Zemana AntiLogger 3. Anti-Keyloggers GG. How to Defend against Spyware? 1. Anti-Spyware: Spyware Doctor HH. Rootkits II. Types of Rootkits JJ. How Rootkit Works? KK. Rootkit: Fu LL. Detecting Rootkits 1. Steps for Detecting Rootkits MM. How to Defend against Rootkits? NN. Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective OO. NTFS Data Stream 1. How to Create NTFS Streams? 2. NTFS Stream Manipulation 3. How to Defend against NTFS Streams? 4. NTFS Stream Detector: ADS Scan Engine 5. NTFS Stream Detectors PP. What is Steganography? 1. Steganography Techniques 2. How Steganography Works? QQ. Types of Steganography

8

1. Whitespace Steganography Tool: SNOW RR. Image Steganography 1. Image Steganography: Hermetic Stego 2. Image Steganography Tools SS. Document Steganography: wbStego 1. Document Steganography Tools TT. Video Steganography: Our Secret 1. Video Steganography Tools UU. Audio Steganography: Mp3stegz 1. Audio Steganography Tools VV. Folder Steganography: Invisible Secrets 4 1. Folder Steganography Tools WW. Spam/Email Steganography: Spam Mimic XX. Natural Text Steganography: Sams Big G Play Maker YY. Steganalysis 1. Steganalysis Methods/Attacks on Steganography ZZ. Steganography Detection Tool: Stegdetect 1. Steganography Detection Tools AAA. Why Cover Tracks? 1. Covering Tracks BBB. Ways to Clear Online Tracks CCC. Disabling Auditing: Auditpol DDD. Covering Tracks Tool: Window Washer EEE. Covering Tracks Tool: Tracks Eraser Pro 1. Track Covering Tools FFF. System Hacking Penetration Testing VI.Trojans and Backdoors A. What is a Trojan? B. Overt and Covert Channels C. Purpose of Trojans D. What Do Trojan Creators Look For? E. Indications of a Trojan Attack F. Common Ports used by Trojans G. How to Infect Systems Using a Trojan? H. Wrappers 1. Wrapper Covert Programs I. Different Ways a Trojan can Get into a System J. How to Deploy a Trojan? K. Evading Anti-Virus Techniques L. Types of Trojans 1. Command Shell Trojans a. Command Shell Trojan: Netcat 2. GUI Trojan: MoSucker a. GUI Trojan: Jumper and Biodox 3. Document Trojans 4. E-mail Trojans a. E-mail Trojans: RemoteByMail 5. Defacement Trojans

9

a. Defacement Trojans: Restorator 6. Botnet Trojans a. Botnet Trojan: Illusion Bot b. Botnet Trojan: NetBot Attacker 7. Proxy Server Trojans a. Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name) 8. FTP Trojans a. FTP Trojan: TinyFTPD 9. VNC Trojans 10. HTTP/HTTPS Trojans a. HTTP Trojan: HTTP RAT 11. Shttpd Trojan - HTTPS (SSL) 12. ICMP Tunneling a. ICMP Trojan: icmpsend 13. Remote Access Trojans a. Remote Access Trojan: RAT DarkComet b. Remote Access Trojan: Apocalypse 14. Covert Channel Trojan: CCTT 15. E-banking Trojans 16. Banking Trojan Analysis a. E-banking Trojan: ZeuS M. Destructive Trojans N. Notification Trojans O. Credit Card Trojans P. Data Hiding Trojans (Encrypted Trojans) Q. BlackBerry Trojan: PhoneSnoop R. MAC OS X Trojan: DNSChanger S. MAC OS X Trojan: DNSChanger T. Mac OS X Trojan: Hell Raiser U. How to Detect Trojans? 1. Scanning for Suspicious Ports 2. Port Monitoring Tool: IceSword 3. Port Monitoring Tools: CurrPorts and TCPView 4. Scanning for Suspicious Processes V. Process Monitoring Tool: What's Running 1. Process Monitoring Tools W. Scanning for Suspicious Registry Entries X. Registry Entry Monitoring Tools Y. Scanning for Suspicious Device Drivers 1. Device Drivers Monitoring Tools: DriverView 2. Device Drivers Monitoring Tools Z. Scanning for Suspicious Windows Services 1. Windows Services Monitoring Tools: Windows Service Manager (SrvMan) 2. Windows Services Monitoring Tools AA. Scanning for Suspicious Startup Programs 1. Windows7 Startup Registry Entries 2. Startup Programs Monitoring Tools: Starter 3. Startup Programs Monitoring Tools: Security AutoRun

10

4. Startup Programs Monitoring Tools BB. Scanning for Suspicious Files and Folders 1. Files and Folder Integrity Checker: FastSum and WinMD5 2. Files and Folder Integrity Checker CC. Scanning for Suspicious Network Activities 1. Detecting Trojans and Worms with Capsa Network Analyzer DD. Trojan Countermeasures EE. Backdoor Countermeasures FF. Trojan Horse Construction Kit GG. Anti-Trojan Software: TrojanHunter HH. Anti-Trojan Software: Emsisoft Anti-Malware II. Anti-Trojan Softwares JJ. Pen Testing for Trojans and Backdoors VII. Viruses and Worms A. Introduction to Viruses B. Virus and Worm Statistics 2010 C. Stages of Virus Life D. Working of Viruses: Infection Phase E. Working of Viruses: Attack Phase F. Why Do People Create Computer Viruses? G. Indications of Virus Attack H. How does a Computer get Infected by Viruses? I. Virus Hoaxes J. Virus Analysis: 1. W32/Sality AA 2. W32/Toal-A 3. W32/Virut 4. Klez K. Types of Viruses 1. System or Boot Sector Viruses 2. File and Multipartite Viruses 3. Macro Viruses 4. Cluster Viruses 5. Stealth/Tunneling Viruses 6. Encryption Viruses 7. Polymorphic Code 8. Metamorphic Viruses 9. File Overwriting or Cavity Viruses 10. Sparse Infector Viruses 11. Companion/Camouflage Viruses 12. Shell Viruses 13. File Extension Viruses 14. Add-on and Intrusive Viruses L. Transient and Terminate and Stay Resident VirusesWriting a Simple Virus Program 1. Terabit Virus Maker 2. JPS Virus Maker 3. DELmE's Batch Virus Maker

11

M. Computer Worms N. How is a Worm Different from a Virus? O. Example of Worm Infection: Conficker Worm 1. What does the Conficker Worm do? 2. How does the Conficker Worm Work? P. Worm Analysis: 1. W32/Netsky 2. W32/Bagle.GE Q. Worm Maker: Internet Worm Maker Thing R. What is Sheep Dip Computer? S. Anti-Virus Sensors Systems T. Malware Analysis Procedure U. String Extracting Tool: Bintext V. Compression and Decompression Tool: UPX W. Process Monitoring Tools: Process Monitor X. Log Packet Content Monitoring Tools: NetResident Y. Debugging Tool: Ollydbg Z. Virus Analysis Tool: IDA Pro AA. Online Malware Testing: 1. Sunbelt CWSandbox 2. VirusTotal BB. Online Malware Analysis Services CC. Virus Detection Methods DD. Virus and Worms Countermeasures EE. Companion Antivirus: Immunet Protect FF. Anti-virus Tools GG. Penetration Testing for Virus VIII. Sniffers A. Lawful Intercept 1. Benefits of Lawful Intercept 2. Network Components Used for Lawful Intercept B. Wiretapping C. Sniffing Threats D. How a Sniffer Works? E. Hacker Attacking a Switch F. Types of Sniffing: Passive Sniffing G. Types of Sniffing: Active Sniffing H. Protocols Vulnerable to Sniffing I. Tie to Data Link Layer in OSI Model J. Hardware Protocol Analyzers K. SPAN Port L. MAC Flooding 1. MAC Address/CAM Table 2. How CAM Works? 3. What Happens When CAM Table is Full? 4. Mac Flooding Switches with macof 5. MAC Flooding Tool: Yersinia

12

6. How to Defend against MAC Attacks? M. How DHCP Works? 1. DHCP Request/Reply Messages 2. IPv4 DHCP Packet Format 3. DHCP Starvation Attack 4. Rogue DHCP Server Attack 5. DHCP Starvation Attack Tool: Gobbler 6. How to Defend Against DHCP Starvation and Rogue Server Attack? N. What is Address Resolution Protocol (ARP)? 1. ARP Spoofing Attack 2. How Does ARP Spoofing Work? 3. Threats of ARP Poisoning 4. ARP Poisoning Tool: Cain and Abel 5. ARP Poisoning Tool: WinArpAttacker 6. ARP Poisoning Tool: Ufasoft Snif 7. How to Defend Against ARP Poisoning? Use DHCP Snooping Binding Table and Dynamic ARP Inspection O. Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches P. MAC Spoofing/Duplicating 1. Spoofing Attack Threats 2. MAC Spoofing Tool: SMAC 3. How to Defend Against MAC Spoofing? Use DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guide Q. DNS Poisoning Techniques 1. Intranet DNS Spoofing 2. Internet DNS Spoofing 3. Proxy Server DNS Poisoning 4. DNS Cache Poisoning 5. How to Defend Against DNS Spoofing? R. Sniffing Tool: Wireshark 1. Follow TCP Stream in Wireshark 2. Display Filters in Wireshark 3. Additional Wireshark Filters S. Sniffing Tool: CACE Pilot T. Sniffing Tool: Tcpdump/Windump U. Discovery Tool: NetworkView V. Discovery Tool: The Dude Sniffer W. Password Sniffing Tool: Ace X. Packet Sniffing Tool: Capsa Network Analyzer Y. OmniPeek Network Analyzer Z. Network Packet Analyzer: Observer AA. Session Capture Sniffer: NetWitness BB. Email Message Sniffer: Big-Mother CC. TCP/IP Packet Crafter: Packet Builder DD. Additional Sniffing Tools EE. How an Attacker Hacks the Network Using Sniffers?

13

FF. How to Defend Against Sniffing? GG. Sniffing Prevention Techniques HH. How to Detect Sniffing? II. Promiscuous Detection Tool: PromqryUI JJ. Promiscuous Detection Tool: PromiScan IX. Social Engineering A. What is Social Engineering? B. Behaviors Vulnerable to Attacks 1. Factors that Make Companies Vulnerable to Attacks C. Why is Social Engineering Effective? D. Warning Signs of an Attack E. Phases in a Social Engineering Attack F. Impact on the Organization G. Command Injection Attacks H. Common Targets of Social Engineering 1. Common Targets of Social Engineering: Office Workers I. Types of Social Engineering 1. Human-Based Social Engineering a. Technical Support Example b. Authority Support Example c. Human-based Social Engineering: Dumpster Diving 2. Computer-Based Social Engineering a. Computer-Based Social Engineering: Pop-Ups d. Computer-Based Social Engineering: Phishing 3. Social Engineering Using SMS 4. Social Engineering by a “Fake SMS Spying Tool” J. Insider Attack 1. Disgruntled Employee 2. Preventing Insider Threats K. Common Intrusion Tactics and Strategies for Prevention L. Social Engineering Through Impersonation on Social Networking Sites 1. Social Engineering Example: LinkedIn Profile 2. Social Engineering on Facebook 3. Social Engineering on Twitter 4. Social Engineering on Orkut 5. Social Engineering on MySpace M. Risks of Social Networking to Corporate Networks N. Identity Theft Statistics 2010 1. Identify Theft 2. How to Steal an Identity? 3. STEP 1 4. STEP 2 5. STEP 3 O. Real Steven Gets Huge Credit Card Statement P. Identity Theft - Serious Problem Q. Social Engineering Countermeasures: Policies 1. Social Engineering Countermeasures

14

R. How to Detect Phishing Emails? 1. Anti-Phishing Toolbar: Netcraft 2. Anti-Phishing Toolbar: PhishTank S. Identity Theft Countermeasures T. Social Engineering Pen Testing 1. Social Engineering Pen Testing: Using Emails 2. Social Engineering Pen Testing: Using Phone 3. Social Engineering Pen Testing: In Person X. Denial of Service A. What is a Denial of Service Attack? B. What is Distributed Denial of Service Attacks? 1. How Distributed Denial of Service Attacks Work? C. Symptoms of a DoS Attack D. Cyber Criminals 1. Organized Cyber Crime: Organizational Chart E. Internet Chat Query (ICQ) F. Internet Relay Chat (IRC) G. DoS Attack Techniques 1. Bandwidth Attacks 2. Service Request Floods 3. SYN Attack 4. SYN Flooding 5. ICMP Flood Attack 6. Peer-to-Peer Attacks 7. Permanent Denial-of-Service Attack 8. Application Level Flood Attacks H. Botnet 1. Botnet Propagation Technique 2. Botnet Ecosystem 3. Botnet Trojan: Shark 4. Poison Ivy: Botnet Command Control Center 5. Botnet Trojan: PlugBot I. WikiLeak Operation Payback 1. DDoS Attack 2. DDoS Attack Tool: LOIC 3. Denial of Service Attack Against MasterCard, Visa, and Swiss Banks 4. Hackers Advertise Links to Download Botnet J. DoS Attack Tools K. Detection Techniques 1. Activity Profiling 2. Wavelet Analysis 3. Sequential Change-Point Detection L. DoS/DDoS Countermeasure Strategies M. DDoS Attack Countermeasures 1. DoS/DDoS Countermeasures: Protect Secondary Victims 2. DoS/DDoS Countermeasures: Detect and Neutralize Handlers 3. DoS/DDoS Countermeasures: Detect Potential Attacks

15

4. DoS/DDoS Countermeasures: Deflect Attacks 5. DoS/DDoS Countermeasures: Mitigate Attacks N. Post-attack Forensics O. Techniques to Defend against Botnets P. DoS/DDoS Countermeasures Q. DoS/DDoS Protection at ISP Level R. Enabling TCP Intercept on Cisco IOS Software S. Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS) T. DoS/DDoS Protection Tool U. Denial of Service (DoS) Attack Penetration Testing XI. Session Hijacking A. What is Session Hijacking? B. Dangers Posed by Hijacking C. Why Session Hijacking is Successful? D. Key Session Hijacking Techniques E. Brute Forcing 1. Brute Forcing Attack F. HTTP Referrer Attack G. Spoofing vs. Hijacking H. Session Hijacking Process I. Packet Analysis of a Local Session Hijack J. Types of Session Hijacking 1. Session Hijacking in OSI Model 2. Application Level Session Hijacking 3. Session Sniffing K. Predictable Session Token 1. How to Predict a Session Token? L. Man-in-the-Middle Attack M. Man-in-the-Browser Attack 1. Steps to Perform Man-in-the-Browser Attack N. Client-side Attacks O. Cross-site Script Attack P. Session Fixation 1. Session Fixation Attack Q. Network Level Session Hijacking R. The 3-Way Handshake S. Sequence Numbers 1. Sequence Number Prediction T. TCP/IP Hijacking U. IP Spoofing: Source Routed Packets V. RST Hijacking W. Blind Hijacking X. Man-in-the-Middle Attack using Packet Sniffer Y. UDP Hijacking Z. Session Hijacking Tools 1. Paros 2. Burp Suite

16

3. Firesheep AA. Countermeasures BB. Protecting against Session Hijacking CC. Methods to Prevent Session Hijacking: To be Followed by Web Developers DD. Methods to Prevent Session Hijacking: To be Followed by Web Users EE. Defending against Session Hijack Attacks FF. Session Hijacking Remediation GG. IPSec 1. Modes of IPSec 2. IPSec Architecture 3. IPSec Authentication and Confidentiality 4. Components of IPSec 5. IPSec Implementation HH. Session Hijacking Pen Testing XII. Hijacking Webservers A. Webserver Market Shares B. Open Source Webserver Architecture C. IIS Webserver Architecture D. Website Defacement E. Case Study F. Why Web Servers are Compromised? G. Impact of Webserver Attacks H. Webserver Misconfiguration 1. Example I. Directory Traversal Attacks J. HTTP Response Splitting Attack K. Web Cache Poisoning Attack L. HTTP Response Hijacking M. SSH Bruteforce Attack N. Man-in-the-Middle Attack O. Webserver Password Cracking 1. Webserver Password Cracking Techniques P. Web Application Attacks Q. Webserver Attack Methodology 1. Information Gathering 2. Webserver Footprinting a. Webserver Footprinting Tools 3. Mirroring a Website 4. Vulnerability Scanning 5. Session Hijacking 6. Hacking Web Passwords R. Webserver Attack Tools 1. Metasploit a. Metasploit Architecture b. Metasploit Exploit Module c. Metasploit Payload Module d. Metasploit Auxiliary Module e. Metasploit NOPS Module

17

2. Wfetch S. Web Password Cracking Tool 1. Brutus 2. THC-Hydra T. Countermeasures 1. Patches and Updates 2. Protocols 3. Accounts 4. Files and Directories U. How to Defend Against Web Server Attacks? V. How to Defend against HTTP Response Splitting and Web Cache Poisoning? W. Patches and Hotfixes X. What is Patch Management? Y. Identifying Appropriate Sources for Updates and Patches Z. Installation of a Patch AA. Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA) 1. Patch Management Tools BB. Web Application Security Scanner: Sandcat CC. Web Server Security Scanner: Wikto DD. Webserver Malware Infection Monitoring Tool: HackAlert EE. Webserver Security Tools FF. Web Server Penetration Testing XIII. Hacking Web Applications A. Web Application Security Statistics B. Introduction to Web Applications C. Web Application Components D. How Web Applications Work? E. Web Application Architecture F. Web 2.0 Applications G. Vulnerability Stack H. Web Attack Vectors I. Web Application Threats – 1 J. Web Application Threats – 2 K. Unvalidated Input L.Parameter/Form Tampering M. Directory Traversal N. Security Misconfiguration O. Injection Flaws 1. SQL Injection Attacks 2. Command Injection Attacks 3. Command Injection Example 4. File Injection Attack P. What is LDAP Injection? Q. How LDAP Injection Works? R. Hidden Field Manipulation Attack S. Cross-Site Scripting (XSS) Attacks 1. How XSS Attacks Work?

18

2. Cross-Site Scripting Attack Scenario: Attack via Email 3. XSS Example: Attack via Email 4. XSS Example: Stealing Users' Cookies 5. XSS Example: Sending an Unauthorized Request 6. XSS Attack in Blog Posting 7. XSS Attack in Comment Field 8. XSS Cheat Sheet 9. Cross-Site Request Forgery (CSRF) Attack 10. How CSRF Attacks Work? T. Web Application Denial-of-Service (DoS) Attack 1. Denial of Service (DoS) Examples U. Buffer Overflow Attacks V. Cookie/Session Poisoning 1. How Cookie Poisoning Works? W. Session Fixation Attack X. Insufficient Transport Layer Protection Y. Improper Error Handling Z. Insecure Cryptographic Storage AA. Broken Authentication and Session Management BB. Unvalidated Redirects and Forwards CC. Web Services Architecture 1. Web Services Attack 2. Web Services Footprinting Attack 3. Web Services XML Poisoning DD. Footprint Web Infrastructure 1. Footprint Web Infrastructure: Server Discovery 2. Footprint Web Infrastructure: Server Identification/Banner Grabbing 3. Footprint Web Infrastructure: Hidden Content Discovery EE. Web Spidering Using Burp Suite FF. Hacking Web Servers 1. Web Server Hacking Tool: WebInspect GG. Analyze Web Applications 1. Analyze Web Applications: Identify Entry Points for User Input 2. Analyze Web Applications: Identify Server-Side Technologies 3. Analyze Web Applications: Identify Server-Side Functionality 4. Analyze Web Applications: Map the Attack Surface HH. Attack Authentication Mechanism II. Username Enumeration JJ. Password Attacks: Password Functionality Exploits KK. Password Attacks: Password Guessing LL. Password Attacks: Brute-forcing MM. Session Attacks: Session ID Prediction/ Brute-forcing NN. Cookie Exploitation: Cookie Poisoning OO. Authorization Attack 1. HTTP Request Tampering 2. Authorization Attack: Cookie Parameter Tampering PP. Session Management Attack 1. Attacking Session Token Generation Mechanism

19

2. Attacking Session Tokens Handling Mechanism: Session Token Sniffing QQ. Injection Attacks RR. Attack Data Connectivity 1. Connection String Injection 2. Connection String Parameter Pollution (CSPP) Attacks 3. Connection Pool DoS SS. Attack Web App Client TT. Attack Web Services UU. Web Services Probing Attacks 1. Web Service Attacks: SOAP Injection 2. Web Service Attacks: XML Injection 3. Web Services Parsing Attacks VV. Web Service Attack Tool: soapUI WW. Web Service Attack Tool: XMLSpy XX. Web Application Hacking Tool: Burp Suite Professional YY. Web Application Hacking Tools: CookieDigger ZZ. Web Application Hacking Tools: WebScarab 1. Web Application Hacking Tools AAA. Encoding Schemes 1. How to Defend Against SQL Injection Attacks? 2. How to Defend Against Command Injection Flaws? 3. How to Defend Against XSS Attacks? 4. How to Defend Against DoS Attack? 5. How to Defend Against Web Services Attack? BBB. Web Application Countermeasures 1. How to Defend Against Web Application Attacks? 2. Web Application Security Tool: Acunetix Web Vulnerability Scanner 3. Web Application Security Tool: Falcove Web Vulnerability Scanner 4. Web Application Security Scanner: Netsparker 5. Web Application Security Tool: N-Stalker Web Application Security Scanner 6. Web Application Security Tools CCC. Web Application Firewall: dotDefender DDD. Web Application Firewall: IBM AppScan EEE. Web Application Firewall: ServerDefender VP 1. Web Application Firewall FFF. Web Application Pen Testing 1. Information Gathering 2. Configuration Management Testing 3. Authentication Testing 4. Session Management Testing 5. Authorization Testing 6. Data Validation Testing 7. Denial of Service Testing 8. Web Services Testing 9. AJAX Testing XIV. SQL Injection A. SQL Injection is the Most Prevalent Vulnerability in 2010

20

B. SQL Injection Threats C. What is SQL Injection? D. SQL Injection Attacks E. How Web Applications Work? F. Server Side Technologies G. HTTP Post Request 1. Example 1: Normal SQL Query 2. Example 1: SQL Injection Query 3. Example 1: Code Analysis 4. Example 2: BadProductList.aspx 5. Example 2: Attack Analysis 6. Example 3: Updating Table 7. Example 4: Adding New Records 8. Example 5: Identifying the Table Name 9. Example 6: Deleting a Table H. SQL Injection Detection 1. SQL Injection Error Messages 2. SQL Injection Attack Characters 3. Additional Methods to Detect SQL Injection I. SQL Injection Black Box Pen Testing 1. Testing for SQL Injection J. Types of SQL Injection 1. Simple SQL Injection Attack 2. Union SQL Injection Example 3. SQL Injection Error Based K. What is Blind SQL Injection? 1. No Error Messages Returned 2. Blind SQL Injection: WAITFOR DELAY YES or NO Response 3. Blind SQL Injection – Exploitation (MySQL) 4. Blind SQL Injection - Extract Database User 5. Blind SQL Injection - Extract Database Name 6. Blind SQL Injection - Extract Column Name 7. Blind SQL Injection - Extract Data from ROWS L. SQL Injection Methodology M. Information Gathering 1. Extracting Information through Error Messages 2. Understanding SQL Query 3. Bypass Website Logins Using SQL Injection N. Database, Table, and Column Enumeration 1. Advanced Enumeration O. Features of Different DBMSs 1. Creating Database Accounts P. Password Grabbing 1. Grabbing SQL Server Hashes 2. Extracting SQL Hashes (In a Single Statement) Q. Transfer Database to Attacker’s Machine R. Interacting with the Operating System S. Interacting with the FileSystem

21

T. Network Reconnaissance Full Query U. SQL Injection Tools 1. SQL Injection Tools: BSQLHacker 2. SQL Injection Tools: Marathon Tool 3. SQL Injection Tools: SQL Power Injector 4. SQL Injection Tools: Havij V. Evading IDS 1. Types of Signature Evasion Techniques 2. Evasion Technique: Sophisticated Matches 3. Evasion Technique: Hex Encoding 4. Evasion Technique: Manipulating White Spaces 5. Evasion Technique: In-line Comment 6. Evasion Technique: Char Encoding 7. Evasion Technique: String Concatenation 8. Evasion Technique: Obfuscated Codes W. How to Defend Against SQL Injection Attacks? 1. How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters X. SQL Injection Detection Tools 1. SQL Injection Detection Tool: Microsoft Source Code Analyzer 2. SQL Injection Detection Tool: Microsoft UrlScan 3. SQL Injection Detection Tool: dotDefender 4. SQL Injection Detection Tool: IBM AppScan Y. Snort Rule to Detect SQL Injection Attacks XV. Hacking Wireless Networks A. Wireless Networks B. Wi-Fi Usage Statistics in the US C. Wi-Fi Hotspots at Public Places D. Wi-Fi Networks at Home E. Types of Wireless Networks F. Wireless Standards G. Service Set Identifier (SSID) H. Wi-Fi Authentication Modes 1. Wi-Fi Authentication Process Using a Centralized Authentication Server 2. Wi-Fi Authentication Process I. Wireless Terminologies J. Wi-Fi Chalking 1. Wi-Fi Chalking Symbols K. Wi-Fi Hotspot Finder: jiwire.com L. Wi-Fi Hotspot Finder: WeFi.com M. Types of Wireless Antenna N. Parabolic Grid Antenna O. Types of Wireless Encryption P. WEP Encryption 1. How WEP Works? Q. What is WPA? 1. How WPA Works? R. Temporal Keys

22

S. What is WPA2? 1. How WPA2 Works? T. WEP vs. WPA vs. WPA2 U. WEP Issues V. Weak Initialization Vectors (IV) W. How to Break WEP Encryption? X. How to Break WPA/WPA2 Encryption? Y. How to Defend Against WPA Cracking? Z. Wireless Threats: Access Control Attacks AA. Wireless Threats: Integrity Attacks BB. Wireless Threats: Confidentiality Attacks CC. Wireless Threats: Availability Attacks DD. Wireless Threats: Authentication Attacks EE. Rogue Access Point Attack FF. Client Mis-association GG. Misconfigured Access Point Attack HH. Unauthorized Association II. Ad Hoc Connection Attack JJ. HoneySpot Access Point Attack KK. AP MAC Spoofing LL. Denial-of-Service Attack MM. Jamming Signal Attack NN. Wi-Fi Jamming Devices OO. Wireless Hacking Methodology PP. Find Wi-Fi Networks to Attack QQ. Attackers Scanning for Wi-Fi Networks RR. Footprint the Wireless Network SS. Wi-Fi Discovery Tool: insider TT. Wi-Fi Discovery Tool: NetSurveyor UU. Wi-Fi Discovery Tool: NetStumbler VV. Wi-Fi Discovery Tool: Vistumbler WW. Wi-Fi Discovery Tool: WirelessMon XX. Wi-Fi Discovery Tools YY. GPS Mapping 1. GPS Mapping Tool: WIGLE 2. GPS Mapping Tool: Skyhook ZZ. How to Discover Wi-Fi Network Using Wardriving? AAA. Wireless Traffic Analysis BBB. Wireless Cards and Chipsets CCC. Wi-Fi USB Dongle: AirPcap DDD. Wi-Fi Packet Sniffer: Wireshark with AirPcap EEE. Wi-Fi Packet Sniffer: Wi-Fi Pilot FFF. Wi-Fi Packet Sniffer: OmniPeek GGG. Wi-Fi Packet Sniffer: CommView for Wi-Fi HHH. What is Spectrum Analysis? III. Wireless Sniffers JJJ. Aircrack-ng Suite KKK. How to Reveal Hidden SSIDs

23

LLL. Fragmentation Attack MMM. How to Launch MAC Spoofing Attack? NNN. Denial of Service: Deauthentication and Disassociation Attacks OOO. Man-in-the-Middle Attack PPP. MITM Attack Using Aircrack-ng QQQ. Wireless ARP Poisoning Attack RRR. Rogue Access Point SSS. Evil Twin 1. How to Set Up a Fake Hotspot (Evil Twin)? TTT. How to Crack WEP Using Aircrack? UUU. How to Crack WEP Using Aircrack? Screenshot ½ VVV. How to Crack WEP Using Aircrack? Screenshot 2/2 WWW. How to Crack WPA-PSK Using Aircrack? XXX. WPA Cracking Tool: KisMAC YYY. WEP Cracking Using Cain & Abel ZZZ. WPA Brute Forcing Using Cain & Abel AAAA. WPA Cracking Tool: Elcomsoft Wireless Security Auditor BBBB. WEP/WPA Cracking Tools CCCC. Wi-Fi Sniffer: Kismet DDDD. Wardriving Tools EEEE. RF Monitoring Tools FFFF. Wi-Fi Connection Manager Tools GGGG. Wi-Fi Traffic Analyzer Tools HHHH. Wi-Fi Raw Packet Capturing Tools IIII. Wi-Fi Spectrum Analyzing Tools JJJJ. Bluetooth Hacking 1. Bluetooth Stack 2. Bluetooth Threats KKKK. How to BlueJack a Victim? LLLL. Bluetooth Hacking Tool: Super Bluetooth Hack MMMM. Bluetooth Hacking Tool: PhoneSnoop NNNN. Bluetooth Hacking Tool: BlueScanner 1. Bluetooth Hacking Tools OOOO. How to Defend Against Bluetooth Hacking? PPPP. How to Detect and Block Rogue AP? QQQQ. Wireless Security Layers RRRR. How to Defend Against Wireless Attacks? SSSS. Wireless Intrusion Prevention Systems TTTT. Wireless IPS Deployment UUUU. Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer VVVV. Wi-Fi Security Auditing Tool: AirDefense WWWW. Wi-Fi Security Auditing Tool: Adaptive Wireless IPS XXXX. Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS YYYY. Wi-Fi Intrusion Prevention System ZZZZ. Wi-Fi Predictive Planning Tools AAAAA. Wi-Fi Vulnerability Scanning Tools BBBBB. Wireless Penetration Testing 1. Wireless Penetration Testing Framework

24

2. Wi-Fi Pen Testing Framework 3. Pen Testing LEAP Encrypted WLAN 4. Pen Testing WPA/WPA2 Encrypted WLAN 5. Pen Testing WEP Encrypted WLAN 6. Pen Testing Unencrypted WLAN

XVI. Evading IDS, Firewalls and Honeypots

A. Intrusion Detection Systems (IDS) and its Placement

B. How IDS Works?

C. Ways to Detect an Intrusion

D. Types of Intrusion Detection Systems

E. System Integrity Verifiers (SIV)

F. General Indications of Intrusions

G. General Indications of System Intrusions

H. Firewall

1. Firewall Architecture

I. DeMilitarized Zone (DMZ)

J. Types of Firewall

1. Packet Filtering Firewall

2. Circuit-Level Gateway Firewall

3. Application-Level Firewall

4. Stateful Multilayer Inspection Firewall

K. Firewall Identification

1. Port Scanning

2. Firewalking

3. Banner Grabbing

L. Honeypot

1. Types of Honeypots

M. How to Set Up a Honeypot?

N. Intrusion Detection Tool

1. Snort

2. Snort Rules

3. Rule Actions and IP Protocols

4. The Direction Operator and IP Addresses

5. Port Numbers

O. Intrusion Detection Systems: Tipping Point

1. Intrusion Detection Tools

P. Firewall: Sunbelt Personal Firewall

1. Firewalls

Q. Honeypot Tools

1. KFSensor

2. SPECTER

25

R. Insertion Attack

S. Evasion

T. Denial-of-Service Attack (DoS)

U. Obfuscating

V. False Positive Generation

W. Session Splicing

X. Unicode Evasion Technique

Y. Fragmentation Attack

Z. Overlapping Fragments

AA. Time-To-Live Attacks

BB. Invalid RST Packets

CC. Urgency Flag

DD. Polymorphic Shellcode

EE. ASCII Shellcode

FF. Application-Layer Attacks

GG. Desynchronization

HH. Pre Connection SYN

II. Post Connection SYN

JJ. Other Types of Evasion

1. IP Address Spoofing

2. Attacking Session Token Generation Mechanism

3. Tiny Fragments

KK. Bypass Blocked Sites Using IP Address in Place of URL

1. Bypass Blocked Sites Using Anonymous Website Surfing Sites

LL. Bypass a Firewall using Proxy Server

1. Bypassing Firewall through ICMP Tunneling Method

2. Bypassing Firewall through ACK Tunneling Method

3. Bypassing Firewall through HTTP Tunneling Method

4. Bypassing Firewall through External Systems

5. Bypassing Firewall through MITM Attack

MM. Detecting Honeypots

NN. Honeypot Detecting Tool: Send-Safe Honeypot Hunter

OO. Firewall Evasion Tools

1. Traffic IQ Professional

2. tcp-over-dns

3. Firewall Evasion Tools

PP. Packet Fragment Generators

QQ. Countermeasures

RR. Firewall/IDS Penetration Testing

1. Firewall Penetration Testing

2. IDS Penetration Testing

26

XVII. Buffer Overflow

A. Buffer Overflows

B. Why are Programs And Applications Vulnerable?

C. Understanding Stacks

D. Stack-Based Buffer Overflow

E. Understanding Heap

1. Heap-Based Buffer Overflow

F. Stack Operations

1. Shellcode

2. No Operations (NOPs)

G. Knowledge Required to Program Buffer Overflow Exploits

H. Buffer Overflow Steps

1. Attacking a Real Program

2. Format String Problem

3. Overflow using Format String

4. Smashing the Stack

5. Once the Stack is Smashed...

I. Simple Uncontrolled Overflow

J. Simple Buffer Overflow in C

K. Code Analysis

L. Exploiting Semantic Comments in C (Annotations)

M. How to Mutate a Buffer Overflow Exploit?

N. Identifying Buffer Overflows

O. How to Detect Buffer Overflows in a Program?

P. BOU (Buffer Overflow Utility)

Q. Testing for Heap Overflow Conditions: heap.exe

R. Steps for Testing for Stack Overflow in OllyDbg Debugger

1. Testing for Stack Overflow in OllyDbg Debugger

S. Testing for Format String Conditions using IDA Pro

T. BoF Detection Tools

U. Defense Against Buffer Overflows

1. Preventing BoF Attacks

2. Programming Countermeasures

V. Data Execution Prevention (DEP)

W. Enhanced Mitigation Experience Toolkit (EMET)

1. EMET System Configuration Settings

2. EMET Application Configuration Window

X. /GS http://microsoft.com

Y. BoF Security Tools

1. BufferShield

27

Z. Buffer Overflow Penetration Testing

XVIII. Cryptography

A. Cryptography

B. Types of Cryptography

C. Government Access to Keys (GAK)

D. Ciphers

E. Advanced Encryption Standard (AES)

F. Data Encryption Standard (DES)

G. RC4, RC5, RC6 Algorithms

H. The DSA and Related Signature Schemes

I. RSA (Rivest Shamir Adleman)

1. Example of RSA Algorithm

2. The RSA Signature Scheme

J. Message Digest (One-way Bash) Functions

1. Message Digest Function: MD5

K. Secure Hashing Algorithm (SHA)

L. What is SSH (Secure Shell)?

M. MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles

N. Cryptography Tool: Advanced Encryption Package

O. Cryptography Tools

P. Public Key Infrastructure (PKI)

Q. Certification Authorities

R. Digital Signature

S. SSL (Secure Sockets Layer)

T. Transport Layer Security (TLS)

U. Disk Encryption

1. Disk Encryption Tool: TrueCrypt

2. Disk Encryption Tools

V. Cryptography Attacks

W. Code Breaking Methodologies

1. Brute-Force Attack

X. Meet-in-the-Middle Attack on Digital Signature Schemes

Y. Cryptanalysis Tool: CrypTool

Z. Cryptanalysis Tools

AA. Online MD5 Decryption Tool

XIX. Penetration Testing

A. Introduction to Penetration Testing

B. Security Assessments

C. Vulnerability Assessment

28

D. Limitations of Vulnerability Assessment

E. Penetration Testing

F. Why Penetration Testing?

G. What Should be Tested?

H. What Makes a Good Penetration Test?

I. ROI on Penetration Testing

J. Testing Points

K. Testing Locations

L. Types of Penetration Testing

1. External Penetration Testing

2. Internal Security Assessment

3. Black-box Penetration Testing

4. Grey-box Penetration Testing

5. White-box Penetration Testing

6. Announced / Unannounced Testing

7. Automated Testing

8. Manual Testing

M. Common Penetration Testing Techniques

N. Using DNS Domain Name and IP Address Information

O. Enumerating Information about Hosts on Publicly-Available Networks

P. Phases of Penetration Testing

1. Pre-Attack Phase

2. Attack Phase

a. Activity: Perimeter Testing

b. Enumerating Devices

c. Activity: Acquiring Target

d. Activity: Escalating Privileges

e. Activity: Execute, Implant, and Retract

3. Post-Attack Phase and Activities

a. Penetration Testing Deliverable Templates

Q. Penetration Testing Methodology

1. Application Security Assessment

a. Web Application Testing – I

b. Web Application Testing – II

c. Web Application Testing – III

2. Network Security Assessment

3. Wireless/Remote Access Assessment

a. Wireless Testing

4. Telephony Security Assessment

5. Social Engineering

6. Testing Network-Filtering Devices

29

7. Denial of Service Emulation

R. Outsourcing Penetration Testing Services

1. Terms of Engagement

2. Project Scope

3. Pentest Service Level Agreements

4. Penetration Testing Consultants

S. Evaluating Different Types of Pentest Tools

T. Application Security Assessment Tool

1. Webscarab

U. Network Security Assessment Tool

1. Angry IP scanner

2. GFI LANguard

V. Wireless/Remote Access Assessment Tool

1. Kismet

W. Telephony Security Assessment Tool

1. Omnipeek

X. Testing Network-Filtering Device Tool

1. Traffic IQ Professional