Overview
This 5-day course reveals the tools and techniques used in common by hackers to attack, and by system administrators to hack-proof their networks. Hundreds of hack tools and associated hands-on labs bring home the depth of vulnerability present in most networks.

• The ultimate guide to network security, the course walks through the process of assessing and then correcting the vulnerabilities present within information systems.
• Specific countermeasures and generalized secure design principles are covered.
• Real-world lab environment includes Cisco routers and the Linux, Windows 9x, NT, 2000, and XP operating systems.
• Courseware includes the Security Tool Set containing:
  
  • hundreds of exploit tools
  • white papers
  • checklists
  • links to additional Internet resources
    

Prerequisites
Attendees should have familiarity with:

• The TCP/IP protocol stack
• The Windows and UNIX operating systems (as applicable)
• General understanding of routing, switching, and networking concepts.
• Knowledge of operating system architectural elements such as:
• The Windows SAM file and access permission types
• UNIX's /etc/shadow file and chmod command
  

Course Topics:

Footprinting

• Scope Determination
• Network Enumeration
• DNS Interrogation
• Network Reconnaissance

Scanning

• Determining Live Systems
• Scan Types
• Identifying TCP and UDP Services Running
• Windows-Based Port Scanners
• Port Scanning Breakdown
• Detecting the Operating System
• Active and Passive Stack Fingerprinting
• Automated Discovery Tools

Enumeration

• NT/2000 Network, Host, Application, and Banner Enumeration
• Novell Enumeration
• UNIX Enumeration
• BGP Route Enumeration

Hacking Windows 95/98, ME, and XP Home Edition

• Win 9x Remote Exploits
• Direct Connection to Win 9x Shared Resources
• Win 9x Backdoor Servers and Trojans
• Known Server Application Vulnerabilities
• Win 9x Denial of Service Attacks
• Win 9x Local Exploits
• Windows ME Remote and Local Attacks
• Windows XP Home Edition Attacks

Hacking Windows NT

• Denial of Service and Buffer Overflows
• Privilege Escalation
• Exploiting Trust
• Sniffers
• Remote Control and Back Doors
• Port Redirection
• General Countermeasures to Privileged Compromise
• Rootkits
• Disabling Auditing
• Clearing the Event Log
• Hiding Files

Hacking Windows 2000

• Footprinting, Scanning, and Enumeration
• Penetration
• NetBIOS-SMB Password Guessing
• Eavesdropping on Password Hashes
• SMBRelay
• Attacks Against IIS 5
• Remote Buffer Overflows
• Denial of Service Attacks
• Privilege Escalation
• Pilfering
• Grabbing the Windows 2000 Password Hashes
• The Encrypting File System (EFS)
• Exploiting Trust
• Covering Tracks
• Disabling Auditing
• Clearing the Event Log
• Hiding Files
• Backdoors
• Startup Manipulation
• Remote Control
• Keystroke Loggers
• New Windows Security Tools
• .NET Framework
• Whistler Versions and Security Features

Novell NetWare Hacking

• Attaching but not Touching
• Enumerating the Bindery and Trees
• Authenticated Enumeration
• Gaining Admin
• Application Vulnerabilities
• Spoofing Attacks (Pandora)
• Owning the NDS Files
• Log Doctoring

Hacking UNIX

• Quest for Root
• Vulnerability Mapping
• Remote Access vs. Local Access
• Data Driven Attacks
• Rootkits
• Rootkit Recovery

Dial-UP, PBX, Voicemail, and VPN Hacking

• Wardialing Hardware, Software, Peripherals, and Legal Issues
• Brute Force Scripting
• PBX Hacking
• Voicemail Hacking
• VPN Hacking

Network Devices

• Discovery - Detection and SNMP
• Back Doors
• Default Accounts
• Shared vs. Switched Media
• Detecting Media Type
• Picking Up Passwords with dsniff
• Sniffing on a Network Switch
• Wireless Network Hacking
• 802.11 Wireless LANs
• WAP Cellular Phones

Firewalls

• Identification and Discovery
• Scanning Through Firewalls
  
• Packet Filtering
• Application Proxy Vulnerabilities
• WinGate Vulnerabilities

Denial of Service (DoS) Attacks

• Bandwidth Consumption
• Resource Starvation
  
• Programming Flaws
• Routing and DNS Attacks
  
• Generic DoS Attacks
  
• UNIX and Windows NT DoS
  
• Remote DoS Attacks
  
• Distributed DoS Attacks
  
• Local DoS Attacks

Remote Control Insecurities

• Discovering Remote Control Software
  
• Connecting
  
• Weaknesses
  
• Virtual Network Computing (VNC)
  
• Microsoft Terminal Server and Citrix ICA
  
• Attacking Terminal Server

Session Hijacking

• Back Doors
  
• Trojans
  
• Cryptography
  
• Secure Shell (SSH) Attacks
  
• Rootkits and Imaging Tools
  
• Social Engineering

Web Hacking

• Finding Well-Known Vulnerabilities
  
• Automated Scripts
  
• Automated Applications
  
• CGI Vulnerabilities
  
• IIS and Active Server Pages (ASP) Vulnerabilities
  
• Cold Fusion Vulnerabilities
  
• Buffer Overflows
  
• Web Hacking Tools

Hacking the Internet User

• Malicious Mobile Code
  
• ActiveX, Java, Cookies, and IE HTML Frame Vulnerabilities
  
• SSL Fraud
  
• E-mail Hacking
  
• Executing Arbitrary Code Through E-mail
  
• Outlook Address Book Worms
  
• File Attachment Attacks
  
• Writing Attachments to Disk Without User Intervention
  
• Invoking Outbound Clint Connections
  
• IRC Hacking
  
• Countermeasures to Internet User Hacking