What You'll Learn

• How to scope a security assessment
• How to footprint an organization
• Master advanced port-scanning techniques
• Perform passive and active OS fingerprinting
• Use exploit frameworks
• Works of ARP attacks
• Exploit database vulnerabilities
• Concept of social engineering
• Common vulnerabilities and exposures
• Analyze DNS servers for proper configuration
• Examine web servers for weaknesses
• Master the hacker's methodology
• Exploit vulnerabilities remotely
• Develop reports and test results used to create countermeasures to thwart malicious hacking

Course Outline

1. The Business Aspects of Hacking

• Why Security is Critical to Business
  • The Wired World
• Outline the Ethical Hacking Methodology
• Three Major Stages of a Penetration Test
  • Pre-assessment
  • Assessment
  • Post-assessment
• The Ethical Hacking Report
• Hacking and the Legal Environment

2. Footprinting

• Overview of the Footprinting Phase
  • Footprinting and Passive Information Gathering
• Information-Gathering Methodology of Hackers
  • Techniques
  • Tools
• The Implications of Information Leakage
• Countermeasures

3. Linux

• Linux History
• Why Linux is Important to the Hacking Community
• Linux Concepts
  • OS
  • Commands
  • Compiling Programs in Linux
• Linux Applications
  • Password Cracking
  • Hping
  • Linux Rootkits
  • IP Tables
• Linux Security Countermeasures

4. Technical Foundations of Hacking

• The TCP/IP Stack
  • IP
  • ICMP
  • ARP
  • TCP Details
  • UDP Details
  • Ports and Services
  • TCP Details
  • TCP Packet Structure
  • TCP Flags
  • UDP Details
  • Applications
• Application Attack Vectors

5. Scanning

• Detecting "Live" Systems on the Targeted Network
  • ICMP Ping
• Services Running/Listening on the Targeted Systems
  • Port-Scanning Techniques
• Identifying TCP and UDP Services Running on the Targeted Network
• Operating System
  • Active and Passive Fingerprinting
• Automated Discovery Tools

6. Cryptography

• Defining Cryptography and Algorithms
• Symmetric Encryption
  • How Symmetric Encryption Works
  • Common Algorithms for Symmetric Keys
  • Strengths and Weaknesses of Symmetric Encryption
• Hash Functions
• Asymmetric Encryption
  • How Asymmetric Encryption Works
  • Common Algorithms for Asymmetric Keys
  • Strengths and Weaknesses of Asymmetric Encryption
• Digital Signatures
• Public Key Encryption
• Quantum Cryptography
• Cryptographic Solutions
  • SHA, SSL, PGP, SSH, IPSEC
• Encryption Cracking Techniques

7. Enumeration

• Enumeration Concept
• Banner Grabbing
• The Null Session
  • SIDs and RIDs
  • SMB Enumeration
• SNMP
  • SNMP Enumeration
• Active Directory Enumeration
  • Exploiting DNS
• Enumeration Countermeasures

8. System Hacking

• Password Attacks
  • Social
  • Physical
  • Logical
• Password Guessing
• Privilege Escalation
• Cracking Passwords
  • Linux Password Cracking
  • Windows Password Cracking
• Covering Tracks
  • Covering Tracks Tools
• Hiding Tools
• Owning the Box
  • Rootkits

9. Trojans and Backdoors

• Malware
  • Trojans and Backdoors
  • Trojan Tools
• Netcat - The "Swiss Army Knife" of Hacking Tools
• Backdoors
• Prevention Methods and Countermeasures
• Anti-Trojan Software/Hardware

10. Vulnerability Assessment and Exploit Frameworks

• Vulnerability Assessments
• Open Source Vulnerability Assessments Tools
  • Nessus
  • X-Scan
• Commercial Vulnerability Scanners
  • Retina
  • NewT
  • LANguard
• Advanced Attack Techniques
  • Metasploit
  • ExploitTree
• Patching
• Updates and CVEs

11. Sniffers, Man-in-the-Middle Attacks, and Denial of Service

• Defining Packet Sniffing
• ARP Vulnerabilities
  • ARP Spoofing
  • Flooding
• DNS Vulnerabilities
  • Cache Poisoning
• Session Hijacking
  • Session Hijacking Tools
• Denial of Service (DoS)
  • DoS Tools and Techniques
  • DDoS
• Attacking Firewalls
• Attacking IDS

12. Hacking Wireless

• Wireless Communications
  • Cell Phones
  • Bluetooth
  • Wireless Networking
• Wireless Network Attacks
  • Mapping Wireless Networks
  • Wireless Attack Tools
• Securing Wireless Networks
  • Site Surveys
• MAC Sniffing and ARP Spoofing
• Other Wireless Hacking Tools
• WIDZ, RADIUS, Snort

13. Database Attacks and SQL Injection

• Database Concepts and Theory
  • Database Types
• Database Vulnerabilities
• Database Exploits
  • Indirect Attacks - SQL Injection
  • Direct Attacks - Buffer Overflows
• Securing Databases

14. Hacking Web Servers

• Web Server Basics
• Web Server Types
• Footprinting
  • Lynx, Black Widow, and Countermeasures
• Attacks Against Web Servers
  • Apache
  • IIS
• Tools Used in Attack Web Servers
• Attack Countermeasures
• Web Applications
• Attacking Web Applications
  • Web Application Vulnerabilities
  • Input Manipulation
• Authentication and Session Management
  • Encryption
  • Obfuscation
  • Cookies
  • Certificate-Based Authentication
• Attacking Authentication
  • Password Guessing
  • Tools
• Securing Web Servers and Applications

15. Physical Security

• The Role of Physical Security
• Controls
• Attacks
  • Lock Picking
• Checklist
• Summary

16. Social Engineering

• Attacks
• Techniques
  • Dumpster Diving
  • Online Social Engineering
  • Reverse Social Engineering
• Preventing Social Engineering
  • Policies and Procedures
  • Employee Education

17. Appendix

• Additional Self-Study Modules

Labs

Lab 1: Network Configuration

Set up the network equipment you will use for the remainder of this course. Also, test network connectivity.

Lab 2: Footprinting

Learn the devastating effects of information leakage as you use your hacking skills to practice footprinting techniques.

Lab 3: Linux

Why all the fuss about Linux? Because there are dozens of precompiled Linux distros packed full of the latest hacking tools. Learn how to set up a Linux environment and build your own Linux attack platform.

Lab 4: Port Scanning

Practice scanning a live test network and learn how to identify open ports and exploit vulnerabilities. Learn how to improve an organization's network security.

Lab 5: System Hacking

See how the hackers really do it as you step through the process of gaining a system foothold, escalating privilege, cracking passwords, and planting rootkits. Learn how hackers own the box!

Lab 6: Trojans and Backdoors

Discover ways malware continues to represent a real threat to organizations. See firsthand the power of Trojans and Backdoors, and learn the latest USB hack. Learn what's needed to detect malicious code.

Lab 7: Vulnerability Assessment

Real security requires proactive defense. Learn how tools like Metasploit and Exploit Framework really work.

Lab 8: Sniffers

Think outsiders are your biggest threat? This lab will demonstrate the power of insiders as you explore Sniffers and learn how ARP poisoning really works.

Lab 9: Hacking Web Servers

Web servers are the ever-present outpost of your organization. This lab will step you through a common web-based attack.

Classroom Dates and Locations

Date	Location Details
Feb 15 - 19, 2010	New York, NY	Register
Mar 1 - 5, 2010	Chicago (Schaumburg), IL	Register
Mar 15 - 19, 2010	Washington, DC	Register
Mar 22 - 26, 2010	Toronto, ON	Register
Mar 22 - 26, 2010	Dallas, TX	Register
Mar 29 - Apr 2, 2010	Elkridge, MD	Register
Mar 29 - Apr 2, 2010	San Antonio, TX	Register
Apr 5 - 9, 2010	San Jose, CA	Register
Apr 12 - 16, 2010	Austin, TX	Register
Apr 19 - 23, 2010	Raleigh, NC	Register
Apr 26 - 30, 2010	Atlanta, GA	Register
May 3 - 7, 2010	Houston, TX	Register
May 10 - 14, 2010	New York, NY	Register
May 17 - 21, 2010	Morristown, NJ	Register
May 24 - 28, 2010	Charlotte, NC	Register
May 24 - 28, 2010	Washington, DC	Register
Jun 7 - 11, 2010	Chicago (Schaumburg), IL	Register
Jun 21 - 25, 2010	Dallas, TX	Register
Jul 19 - 23, 2010	Toronto, ON	Register
Jul 19 - 23, 2010	Elkridge, MD	Register
Aug 9 - 13, 2010	Washington, DC	Register
Aug 16 - 20, 2010	New York, NY	Register
Aug 23 - 27, 2010	San Jose, CA	Register
Aug 30 - Sep 3, 2010	Raleigh, NC	Register
Aug 30 - Sep 3, 2010	Atlanta, GA	Register
Sep 13 - 17, 2010	Morristown, NJ	Register
Sep 20 - 24, 2010	Ottawa, ON	Register
Sep 27 - Oct 1, 2010	Dallas, TX	Register

Don’t see the location or date you need? No problem – just use our By Request service.