Course Description
This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and will then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have a hands-on understanding of, and experience in, Ethical Hacking. This course prepares you for the EC-Council Certified Ethical Hacker exam 312-50.

Who Should Attend
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Duration
5 days (9:00 – 5:00)

Certification
The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification.

Legal Agreement
The mission of the Ethical Hacking and Countermeasures course is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks, that you will not use such tools in an attempt to compromise any computer system, and that you will indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

Not everyone can be a student: the Accredited Training Centers (ATC) will make sure that applicants work for legitimate companies.

Course Outline Version 6

The CEHv6 curriculum consists of instructor-led training and self-study. The instructor will provide the details of the self-study modules to the students at the beginning of the class.

Module 1: Introduction to Ethical Hacking

  • Problem Definition - Why Security?
  • Essential Terminologies
  • Elements of Security
  • The Security, Functionality and Ease of Use Triangle
  • Case Study
  • What does a Malicious Hacker do?
    o Phase 1 - Reconnaissance
      · Reconnaissance Types
    o Phase 2 - Scanning
    o Phase 3 - Gaining Access
    o Phase 4 - Maintaining Access
    o Phase 5 - Covering Tracks
  • Types of Hacker Attacks
    o Operating System attacks
    o Application-level attacks
    o Shrink Wrap code attacks
    o Misconfiguration attacks
  • Hacktivism
  • Hacker Classes
  • Security News: Suicide Hacker
  • Ethical Hacker Classes
  • What do Ethical Hackers do
  • Can Hacking be Ethical
  • How to become an Ethical Hacker
  • Skill Profile of an Ethical Hacker
  • What is Vulnerability Research
    o Why Hackers Need Vulnerability Research
    o Vulnerability Research Tools
    o Vulnerability Research Websites
      · National Vulnerability Database (nvd.nist.gov)
      · Securitytracker (www.securitytracker.com)
      · Securiteam (www.securiteam.com)
      · Secunia (www.secunia.com)
      · Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)
      · HackerWatch (www.hackerwatch.org)
      · MILWORM
  • How to Conduct Ethical Hacking
  • How Do They Go About It
  • Approaches to Ethical Hacking
  • Ethical Hacking Testing
  • Ethical Hacking Deliverables
  • Computer Crimes and Implications

Module 2: Hacking Laws

  • U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
  • Legal Perspective (U.S. Federal Law)
    o 18 U.S.C. § 1029
      · Penalties
    o 18 U.S.C. § 1030
      · Penalties
    o 18 U.S.C. § 1362
    o 18 U.S.C. § 2318
    o 18 U.S.C. § 2320
    o 18 U.S.C. § 1831
    o 47 U.S.C. § 605, unauthorized publication or use of communications
    o Washington:
      · RCW 9A.52.110
    o Florida:
      · § 815.01 to 815.07
    o Indiana:
      · IC 35-43
  • Federal Managers Financial Integrity Act of 1982
  • The Freedom of Information Act 5 U.S.C. § 552
  • Federal Information Security Management Act (FISMA)
  • The Privacy Act Of 1974 5 U.S.C. § 552a
  • USA Patriot Act of 2001
  • United Kingdom’s Cyber Laws
  • United Kingdom: Police and Justice Act 2006
  • European Laws
  • Japan’s Cyber Laws
  • Australia: The Cybercrime Act 2001
  • Indian Law: THE INFORMATION TECHNOLOGY ACT
  • Argentina Laws
  • Germany’s Cyber Laws
  • Singapore’s Cyber Laws
  • Belgium Law
  • Brazilian Laws
  • Canadian Laws
  • France Laws
  • German Laws
  • Italian Laws
  • MALAYSIA: THE COMPUTER CRIMES ACT 1997
  • HONGKONG: TELECOMMUNICATIONS
  • Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.
  • Greece Laws
  • Denmark Laws
  • Netherlands Laws
  • Norway
  • ORDINANCE
  • Mexico
  • SWITZERLAND

Module 3: Footprinting

  • Revisiting Reconnaissance
  • Defining Footprinting
  • Why is Footprinting Necessary
  • Areas and Information which Attackers Seek
  • Information Gathering Methodology
    o Unearthing Initial Information
      · Finding Company’s URL
      · Internal URL
      · Extracting Archive of a Website
        § www.archive.org
      · Google Search for Company’s Info
      · People Search
        § Yahoo People Search
        § Satellite Picture of a Residence
        § Best PeopleSearch
        § People-Search-America.com
        § Switchboard
        § Anacubis
        § Google Finance
        § Yahoo Finance
      · Footprinting through Job Sites
      · Passive Information Gathering
      · Competitive Intelligence Gathering
        § Why Do You Need Competitive Intelligence?
        § Competitive Intelligence Resource
        § Companies Providing Competitive Intelligence Services
        § Carratu International
        § CI Center
        § Competitive Intelligence - When Did This Company Begin? How Did It Develop?
        § Competitive Intelligence - Who Leads This Company
        § Competitive Intelligence - What Are This Company's Plans
        § Competitive Intelligence - What Does Expert Opinion Say About The Company
        § Competitive Intelligence - Who Are The Leading Competitors?
        § Competitive Intelligence Tool: Trellian
        § Competitive Intelligence Tool: Web Investigator
      · Public and Private Websites
  • Footprinting Tools
    o Sensepost Footprint Tools
    o Big Brother
    o BiLE Suite
    o Alchemy Network Tool
    o Advanced Administrative Tool
    o My IP Suite
    o Wikto Footprinting Tool
    o Whois Lookup
    o Whois
    o SmartWhois
    o ActiveWhois
    o LanWhois
    o CountryWhois
    o WhereIsIP
    o Ip2country
    o CallerIP
    o Web Data Extractor Tool
    o Online Whois Tools
    o What is MyIP
    o DNS Enumerator
    o SpiderFoot
    o Nslookup
    o Extract DNS Information
      · Types of DNS Records
      · Necrosoft Advanced DIG
    o Expired Domains
    o DomainKing
    o Domain Name Analyzer
    o DomainInspect
    o MSR Strider URL Tracer
    o Mozzle Domain Name Pro
    o Domain Research Tool (DRT)
    o Domain Status Reporter
    o Reggie
    o Locate the Network Range
      · ARIN
      · Traceroute
        § Traceroute Analysis
      · 3D Traceroute
      · NeoTrace
      · VisualRoute Trace
      · Path Analyzer Pro
      · Maltego
      · Layer Four Traceroute
      · Prefix WhoIs widget
      · Touchgraph
      · VisualRoute Mail Tracker
      · eMailTrackerPro
      · Read Notify
  • E-Mail Spiders
    o 1st E-mail Address Spider
    o Power E-mail Collector Tool
    o GEOSpider
    o Geowhere Footprinting Tool
    o Google Earth
    o Kartoo Search Engine
    o Dogpile (Meta Search Engine)
    o Tool: WebFerret
    o robots.txt
    o WTR - Web The Ripper
    o Website Watcher
  • Steps to Create Fake Login Pages
  • How to Create Fake Login Pages
  • Faking Websites using Man-in-the-Middle Phishing Kit
  • Benefits to Fraudster
  • Steps to Perform Footprinting

Module 4: Google Hacking

  • What is Google hacking
  • What a hacker can do with a vulnerable site
  • Anonymity with Caches
  • Using Google as a Proxy Server
  • Directory Listings
    o Locating Directory Listings
    o Finding Specific Directories
    o Finding Specific Files
    o Server Versioning
  • Going Out on a Limb: Traversal Techniques
    o Directory Traversal
    o Incremental Substitution
  • Extension Walking
  • Site Operator
  • intitle:index.of
  • error | warning
  • login | logon
  • username | userid | employee.ID | “your username is”
  • password | passcode | “your password is”
  • admin | administrator
    o admin login
  • –ext:html –ext:htm –ext:shtml –ext:asp –ext:php
  • inurl:temp | inurl:tmp | inurl:backup | inurl:bak
  • intranet | help.desk
  • Locating Public Exploit Sites
    o Locating Exploits Via Common Code Strings
      · Searching for Exploit Code with Nonstandard Extensions
      · Locating Source Code with Common Strings
  • Locating Vulnerable Targets
    o Locating Targets Via Demonstration Pages
      · “Powered by” Tags Are Common Query Fodder for Finding Web Applications
    o Locating Targets Via Source Code
      · Vulnerable Web Application Examples
    o Locating Targets Via CGI Scanning
      · A Single CGI Scan-Style Query
  • Directory Listings
    o Finding IIS 5.0 Servers
  • Web Server Software Error Messages
    o IIS HTTP/1.1 Error Page Titles
    o “Object Not Found” Error Message Used to Find IIS 5.0
    o Apache Web Server
      · Apache 2.0 Error Pages
  • Application Software Error Messages
    o ASP Dumps Provide Dangerous Details
    o Many Errors Reveal Pathnames and Filenames
    o CGI Environment Listings Reveal Lots of Information
  • Default Pages
    o A Typical Apache Default Web Page
    o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
    o Default Pages Query for Web Server
    o Outlook Web Access Default Portal
  • Searching for Passwords
    o Windows Registry Entries Can Reveal Passwords
    o Usernames, Cleartext Passwords, and Hostnames!
  • Google Hacking Database (GHDB)
  • SiteDigger Tool
  • Gooscan
  • Goolink Scanner
  • Goolag Scanner
  • Tool: Google Hacks
  • Google Hack Honeypot
  • Google Protocol
  • Google Cartography

Module 5: Scanning

  • Scanning: Definition
  • Types of Scanning
  • Objectives of Scanning
  • CEH Scanning Methodology
    o Checking for live systems - ICMP Scanning
      · Angry IP
      · HPing2
      · Ping Sweep
      · Firewalk Tool
      · Firewalk Commands
      · Firewalk Output
      · Nmap
      · Nmap: Scan Methods
      · NMAP Scan Options
      · NMAP Output Format
      · TCP Communication Flags
      · Three Way Handshake
    o Syn Stealth/Half Open Scan
    o Stealth Scan
    o Xmas Scan
    o Fin Scan
    o Null Scan
    o Idle Scan
    o ICMP Echo Scanning/List Scan
    o TCP Connect/Full Open Scan
    o FTP Bounce Scan
      · Ftp Bounce Attack
    o SYN/FIN Scanning Using IP Fragments
    o UDP Scanning
    o Reverse Ident Scanning
    o RPC Scan
    o Window Scan
    o Blaster Scan
    o Portscan Plus, Strobe
    o IPSec Scan
    o Netscan Tools Pro
    o WUPS – UDP Scanner
    o Superscan
    o IPScanner
    o Global Network Inventory Scanner
    o Net Tools Suite Pack
    o Floppy Scan
    o FloppyScan Steps
    o E-mail Results of FloppyScan
    o Atelier Web Ports Traffic Analyzer (AWPTA)
    o Atelier Web Security Port Scanner (AWSPS)
    o IPEye
    o ike-scan
    o Infiltrator Network Security Scanner
    o YAPS: Yet Another Port Scanner
    o Advanced Port Scanner
    o NetworkActiv Scanner
    o NetGadgets
    o P-Ping Tools