Course Description

This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, Open Source Intelligence, Incident Handling and Log Interpretation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in internet security.

This course prepares you for the EC-Council Certified Ethical Hacker exam 312-50.

Who Should Attend

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Duration:
5 days (9:00 - 5:00)

Certification
The Certified Ethical Hacker certification exam 312-50 will be conducted on the last day of training. Students need to pass the online Prometric exam to receive CEH certification.

Legal Agreement
The mission of the Ethical Hacking and Countermeasures course is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

Not just anyone can be a student; the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.


Course Outline

Understanding Hackers

- Know the Hacker
- Hacker Ethics
- Hacker and the Law
- Legal implications of Hacking
- Computer Crime and Punishment

Footprinting

- What is Footprinting?
- Determining the scope of activities
- Network enumeration
- DNS interrogation

Scanning

- Determining if the system is alive
- Determining which services are running or listening
- Scan types
- Identifying TCP and UDP services running
- Windows based port scanners
- Port scanning breakdown
- Detecting operating systems
- Active stack fingerprinting
- Passive stack fingerprinting
- Automated discovery tools

Enumeration

- Windows NT/2000 enumeration
- Windows NT/2000 network enumeration
- Windows NT/2000 host enumeration
- Application and banner enumeration
- Novell enumeration
- UNIX enumeration
- BGP route enumeration

System Hacking

- Win 9x remote exploits
- Direct connection Win 9x resources
- Win 9x backdoors and Trojan horses
- Server application vulnerabilities
- Win 9x denial of service
- Win 9x local exploits
- Windows ME remote attacks

Hacking Windows NT

- Remote exploits: Denial of service and buffer overflows
- Privilege escalation
- Exploiting trust
- Sniffers
- Remote control and backdoors
- Port redirection
- Countermeasures to privileged compromise
- Covering tracks
- Disabling auditing
- Clearing the event log
- Hiding files

Hacking Windows 2000

- Footprinting
- Scanning
- Enumeration
- Penetration
- NetBIOS-SMB password guessing
- Eavesdropping on password hashes
- SMBRelay
- Attacks against IIS 5.0
- Remote buffer overflows
- Denial of service
- Privilege escalation
- Grabbing the Windows 2000 password hashes
- EFS
- Startup manipulation
- Remote control
- Keystroke loggers

Novell Netware Hacking

- Enumerating Bindery and Trees
- Authenticated enumeration
- Gaining Admin access
- Application vulnerabilities
- Spoofing attacks
- Console logs and NDS files
- Log doctoring

Hacking UNIX/Linux

- Root abuse
- Vulnerability mapping
- Remote access vs. local access
- Data driven attacks
- Common types of remote attacks
- Hacking root account
- Retrieving /etc/passwd file
- Caching

Dial-up, Voicemail and VPN Hacking

- Brute force scripting
- PBX hacking
- Voicemail hacking
- VPN hacking
- Modem scramblers

Wireless Network Hacking

- IEEE 802.11 Wireless LAN attack
- WAP (Cellular phone) hacking
- Detecting the wireless media
- Hacking Wireless network adapter cards

Firewalls

- Firewall identification
- Scanning through firewalls
- Packet filtering
- Application proxy vulnerabilities

Denial of Service (DOS) attacks

- Types of DOS attacks
- Bandwidth consumption
- Resource starvation
- Programming flaws
- Routing and DNS attacks
- Generic DOS attacks
- UNIX and Windows NT DoS
- Remote DOS attacks
- Distributed denial of service attacks (DDOS)

Remote control and back doors

- Discovering remote control software
- Virtual network computing (VNC)
- Attacking Microsoft Terminal Server
- Attacking Citrix ICA

Hacking the internal user

- Malicious mobile code
- Microsoft ActiveX
- Java Security Holes
- Cookie fraud
- SSL fraud
- E-Mail hacking
- Invoking outbound client connections

Web Server Hacking

- Attacking Web authentication
- HTTP authentication basic and digest
- Forms-based authentication
- Microsoft Passport
- Password guessing
- Attacking session state management
- Session ID prediction and brute-forcing
- Bypassing SQL-backend login forms
- Input validation attacks
- Attacking Web datastores
- Hacking Web application development
- Web client hacking
- Attacking Web services
- SOAP over HTTPS
- WSDL attack
- Hacking Web services
- Cookie hijacking

Hacker Tools

- Queso
- Fragrouter
- IPLog
- IPTraf
- Lids
- LSOF
- Nemesis
- Swatch
- Cerberus Internet Scanner
- Crack / Libcrack
- Retina
- Cheops
- Ngrep
- Logcheck
- NFR
- Sam Spade
- Scanlogd
- NAT (NetBIOS Auditing Tool)
- Ntop
- Hunt
- John the Ripper
- L0pht Crack
- Strobe
- Firewalk
- Iptables
- SATAN
- SARA
- Sniffit
- Hping2
- Cybercop Scanner
- Tripwire
- DSniff
- Whisker
- Ethereal
- Netcat
- Nessus
- Back Orifice
- Camera/Shy


2002 EC-Council. All rights reserved.
This document is for informational purposes only. EC-Council MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. EC-Council logo is registered trademarks or trademarks of EC-Council in the United States and/or other countries.